How to disable introspection via validation rules? #1342
Labels
Comments
|
I ended up going with this: from graphql import ExecutionResult, parse, validate
from graphql.validation import NoSchemaIntrospectionCustomRule
class ValidatingSchema(graphene.Schema):
def __init__(self, *args, validation_rules=(), **kwargs):
super().__init__(*args, **kwargs)
self.validation_rules = validation_rules
def execute(self, *args, **kwargs):
return self.validate(*args, **kwargs) or super().execute(*args, **kwargs)
async def execute_async(self, *args, **kwargs):
return self.validate(*args, **kwargs) or await super().execute_async(*args, **kwargs)
def validate(self, *args, **kwargs):
if query := (kwargs.get("source") or kwargs.get("request_string")):
errors = validate(self.graphql_schema, parse(query), rules=self.validation_rules, max_errors=3)
if errors:
return ExecutionResult(errors=errors)
schema = ValidatingSchema(
query=...,
mutation=...,
directives=...,
validation_rules=(
*filter(None, (NoSchemaIntrospectionCustomRule if not settings.DEBUG else None,)),
),
) |
Closed
This was referenced Oct 26, 2023
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
I need to disable introspection for graphql, how would I do that using the method described here
Describe the solution you'd like
An example of accomplishing this would be nice
Describe alternatives you've considered
I am thinking to either create a subclass of
GraphQLVieworgraphene.Schemaand add the query validation there, but I don't know if that's the recommended approachAdditional context
The text was updated successfully, but these errors were encountered: