Closed yutv closed 1 year ago
Hi, we will not do this.
Our experience has proven that separated packages are hard to maintain and often left-behind.
See https://github.com/Smile-SA/magento2-module-elasticsuite-cms-search or https://github.com/Smile-SA/magento2-module-elasticsuite-rating or https://github.com/Smile-SA/magento2-module-elasticsuite-quick-order
They're not really up-to-date. It's also much painful to centralise any potential issues.
To be honest, I don't think there is a gain in disabling Magento2 graphql modules. There are a lot of junk modules that are worth to disable (optional core modules, bundled extensions like vertex, etc...), but the graphQl ones does not really have an impact.
Regards
@romainruaud for those wanting to reduce attack surface areas, removing GraphQL becomes something wanted.
Can you rewrite to not have a hard dependency on it and check whether it's installed so we're not forced to have the entirety of graph-ql installed to use Smile?
Having the same issue, trying to remove the unused GraphQL endpoints from Magento because they show a security risk while running the Acunetix vulnerability scanner.
php bin/magento s:d:c
Interface "Magento\CatalogGraphQl\Model\Resolver\Products\Query\ProductQueryInterface" not found
But adding "smile/module-elasticsuite-catalog-graph-ql": "*"
doesn't work.
It's still possible to remove the following Magento GraphQL modules and use smile/elasticsuite
:
"replace": {
"magento/module-async-order-graph-ql": "*",
"magento/module-authorizenet-graph-ql":"*",
"magento/module-bundle-graph-ql": "*",
"magento/module-catalog-cms-graph-ql":"*",
"magento/module-catalog-customer-ql": "*",
"magento/module-catalog-customer-graph-ql":"*",
"magento/module-catalog-inventory-graph-ql": "*",
"magento/module-catalog-permissions-graph-ql": "*",
"magento/module-catalog-rule-graph-ql": "*",
"magento/module-catalog-staging-graph-ql": "*",
"magento/module-catalog-url-rewrite-graph-ql": "*",
"magento/module-checkout-agreements-graph-ql":"*",
"magento/module-cms-graph-ql": "*",
"magento/module-cms-url-rewrite-graph-ql": "*",
"magento/module-compare-list-graph-ql": "*",
"magento/module-configurable-product-graph-ql": "*",
"magento/module-customer-balance-graph-ql": "*",
"magento/module-customer-downloadable-graph-ql":"*",
"magento/module-customer-graph-ql": "*",
"magento/module-directory-graph-ql": "*",
"magento/module-downloadable-graph-ql": "*",
"magento/module-elasticsearch-catalog-permissions-graph-ql": "*",
"magento/module-gift-card-account-graph-ql": "*",
"magento/module-gift-card-graph-ql": "*",
"magento/module-gift-message-graph-ql": "*",
"magento/module-gift-registry-graph-ql": "*",
"magento/module-gift-wrapping-graph-ql": "*",
"magento/module-grouped-product-graph-ql": "*",
"magento/module-inventory-graph-ql": "*",
"magento/module-inventory-in-store-pickup-graph-ql": "*",
"magento/module-inventory-in-store-pickup-quote-graph-ql": "*",
"magento/module-inventory-quote-graph-ql": "*",
"magento/module-login-as-customer-graph-ql": "*",
"magento/module-multiple-wishlist-graph-ql": "*",
"magento/module-newsletter-graph-ql": "*",
"magento/module-quote-graph-ql": "*",
"magento/module-payment-graph-ql": "*",
"magento/module-paypal-graph-ql": "*",
"magento/module-re-captcha-webapi-graph-ql": "*",
"magento/module-related-product-graph-ql":"*",
"magento/module-review-graph-ql": "*",
"magento/module-reward-graph-ql": "*",
"magento/module-rma-graph-ql": "*",
"magento/module-sales-graph-ql": "*",
"magento/module-send-friend-graph-ql": "*",
"magento/module-staging-graph-ql": "*",
"magento/module-store-graph-ql": "*",
"magento/module-swatches-graph-ql": "*",
"magento/module-target-rule-graph-ql": "*",
"magento/module-tax-graph-ql": "*",
"magento/module-theme-graph-ql": "*",
"magento/module-url-rewrite-graph-ql": "*",
"magento/module-vault-graph-ql": "*",
"magento/module-versions-cms-url-rewrite-graph-ql": "*",
"magento/module-weee-graph-ql": "*",
"magento/module-wishlist-gift-card-graph-ql": "*",
"magento/module-wishlist-graph-ql": "*"
}
I hope @romainruaud will reconsider this in the future!
On the projects which don't use any GraphQl functionality there is a good tool to disable all of them via composer https://github.com/yireo/magento2-replace-tools
Unfortunately the Elasticsuite has no a separate GraphQl composer package so it's impossible to disable it that way.
Describe the solution you'd like
The
Smile_ElasticsuiteCatalogGraphQl
Magento module should be moved to a separate composer package.