Closed larscyl closed 2 weeks ago
@larscyl It is disabled by default, only enabled in our demos with example code. Stern warnings are provided. Your implementation appears to have enabled this, so you need to take it up with them!
@acao thanks for your swift response! Can you point out which option this is? I can't seem to locate it in the config API.
I'm using graphql-yoga/node, so I'll create a ticket over there thereafter.
Is there an existing issue for this?
Current Behavior
When using GraphiQL, the whole query and content updates the URL to reflect the query in the URL query parameter ?query=. If someone develops or debugs with sensitive data like passwords, keys, ... these are then effectively leaked in the:
Expected Behavior
GraphiQL should not reflect the query in the URL, or make it an option disabled by default.
Steps To Reproduce
Environment
Anything else?
No response
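A scrubber for URLs that have already captured a query in `?query=`, given here as an added example and not code from GraphiQL, graphql-yoga or this thread. The argument-name pattern, the handling of a `variables` parameter and the sample URL are assumptions constructed for illustration.

```javascript
// Added example (not GraphiQL or graphql-yoga code); all names are hypothetical.
const SENSITIVE = /pass|secret|token|key/i; // constructed list; over-matches on purpose
const MASK = "[REDACTED]";

// Mask "..." string literals given to sensitive-looking arguments in GraphQL
// text, e.g. password: "x". Block strings (""") are not handled here.
function redactGraphQL(text, counter) {
  return text.replace(
    /([A-Za-z_][A-Za-z0-9_]*)(\s*:\s*)"(?:[^"\\]|\\.)*"/g,
    (match, name, sep) => {
      if (!SENSITIVE.test(name)) return match;
      counter.hits += 1;
      return `${name}${sep}"${MASK}"`;
    });
}

// Mask string values stored under sensitive-looking keys in parsed variables.
function redactVariables(value, counter) {
  if (Array.isArray(value)) return value.map((v) => redactVariables(v, counter));
  if (value === null || typeof value !== "object") return value;
  return Object.fromEntries(Object.entries(value).map(([k, v]) => {
    if (typeof v === "string" && SENSITIVE.test(k)) { counter.hits += 1; return [k, MASK]; }
    return [k, redactVariables(v, counter)];
  }));
}

// Scrub ?query= (and ?variables=, an assumption) and report how many values were masked.
function scrubUrl(rawUrl) {
  const url = new URL(rawUrl);
  const counter = { hits: 0 };
  const query = url.searchParams.get("query");
  if (query !== null) url.searchParams.set("query", redactGraphQL(query, counter));
  const vars = url.searchParams.get("variables");
  if (vars !== null) {
    try {
      const clean = redactVariables(JSON.parse(vars), counter);
      url.searchParams.set("variables", JSON.stringify(clean));
    } catch { /* not valid JSON: left untouched */ }
  }
  return { url: url.toString(), hits: counter.hits };
}

// Constructed sample: the URL after a login mutation was typed into the editor.
const sample = "https://api.example.test/graphql?query=" +
  encodeURIComponent('mutation { login(user: "ann", password: "hunter2") { token } }');
console.log(scrubUrl(sample));
```

A non-zero `hits` count on a recorded URL is also a signal that the credential it contained should be rotated.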