search

leangen / graphql-spqr-spring-boot-starter

Spring Boot 2 starter powered by GraphQL SPQR
Apache License 2.0
275 stars 68 forks source link

Disable introspection #127

Open jhonnyperezm opened 1 year ago

jhonnyperezm commented 1 year ago

There is some way to disable introspection, I can't find the way and in production it has security problems.

saurabhgour commented 6 months ago

Following customization worked for me for 'io.leangen.graphql:graphql-spqr-spring-boot-starter:0.0.5' Hope this helps!

@Configuration
public class GraphqlSchemaConfig {

    @Bean
    public BeanPostProcessor graphqlSchemaCustomizer() {
        return new BeanPostProcessor() {
            @Override
            public Object postProcessAfterInitialization(Object bean, String beanName) throws BeansException {
                if (bean instanceof GraphQLSchemaGenerator) {
                    GraphQLSchemaGenerator generator = (GraphQLSchemaGenerator) bean;
                    generator.withSchemaProcessors((schemaBuilder, buildContext) -> {
                        schemaBuilder.fieldVisibility(NoIntrospectionGraphqlFieldVisibility.NO_INTROSPECTION_FIELD_VISIBILITY);
                        return schemaBuilder;
                    });
                    return generator;
                }
                return bean;
            }
        };
    }
}