Closed markrzen closed 8 months ago
@mcollina Can we get this on a reviewers queue? I wouldn't usually poke maintainers like this, but previous PRs seem to be getting reviewed within a few days. I wanted to make sure this didn't fall through the cracks.
@simoneb Any chance this is something you can review?
@simoneb @mcollina Thanks y'all. What sort of release schedule are y'all doing? Any expectations I should have?
Support passing options to GraphQL's `validate` and `parse` functions.

Reasoning to allow configuration of these functions is fine-tuning to prevent DDoS attacks.

This allows developers to set:

- `validate`'s options of `maxErrors` to something more/less than the 100 default. This prevents an attacker from specifying 100 invalid fields, requiring CPU time generating validation errors.
- `parse`'s options of `maxTokens` to a value. It has no default. This prevents an attacker from producing an overly high complexity query that requires a high amount of CPU time.
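The effect of the two limits described above, as an added illustration that is not part of the original PR and is not graphql-js or project code. `lex`, `checkFields`, `KNOWN_FIELDS` and the sample query are hypothetical and constructed here; the lexer is simplified and the field check is a flat name lookup rather than schema-driven validation.

```javascript
// Added illustration, not graphql-js or project code. Simplified GraphQL lexing
// (assumption: no block strings) to show how the two caps bound the work done.
const IGNORED = /(?:[\s,]+|#[^\n]*)*/y;
const TOKEN = /\.\.\.|[!$&()\[\]{}:=@|]|[_A-Za-z][_0-9A-Za-z]*|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?|"(?:[^"\\\n]|\\.)*"/y;

// Hypothetical lexer: stops as soon as the document exceeds maxTokens.
function lex(source, { maxTokens } = {}) {
  const tokens = [];
  let pos = 0;
  for (;;) {
    IGNORED.lastIndex = pos;
    IGNORED.exec(source); // skips whitespace, commas and comments
    pos = IGNORED.lastIndex;
    if (pos >= source.length) return tokens;
    TOKEN.lastIndex = pos;
    const match = TOKEN.exec(source);
    if (!match) throw new SyntaxError(`Unexpected character at offset ${pos}`);
    if (maxTokens !== undefined && tokens.length >= maxTokens) {
      throw new SyntaxError(`Document contains more than ${maxTokens} tokens`);
    }
    tokens.push(match[0]);
    pos = TOKEN.lastIndex;
  }
}

// Hypothetical flat check: every name token must be a known field.
// Collection stops once maxErrors is reached (default 100, as on this page).
function checkFields(tokens, knownFields, { maxErrors = 100 } = {}) {
  const errors = [];
  for (const token of tokens) {
    if (!/^[_A-Za-z]/.test(token) || token === 'query' || knownFields.has(token)) continue;
    if (errors.length >= maxErrors) {
      errors.push('Too many validation errors, validation aborted');
      break;
    }
    errors.push(`Cannot query field "${token}"`);
  }
  return errors;
}

// Constructed sample input: one selection set with 500 unknown fields.
const KNOWN_FIELDS = new Set(['user', 'id', 'name']);
const hostileQuery = `{ ${Array.from({ length: 500 }, (_, i) => `bogus${i}`).join(' ')} }`;

console.log('tokens without a cap:', lex(hostileQuery).length);
console.log('errors with maxErrors=5:', checkFields(lex(hostileQuery), KNOWN_FIELDS, { maxErrors: 5 }).length);
```

With a token cap in place the oversized document is rejected before any field check runs, so the error cap only matters for documents that fit under the token limit.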