
GraphQL Disable Introspection Policy

This policy allows you to disable introspection queries on your API. Any introspection query will be blocked with a 403 Forbidden response.

This is useful in production to prevent attackers from learning about your API. Introspection can stay enabled for any request that does not go through Zuplo.

Configuration

The following example shows how to configure the policy in the 'policies.json' document.

{
  "name": "my-graphql-disable-introspection-inbound-policy",
  "policyType": "graphql-disable-introspection-inbound",
  "handler": {
    "export": "GraphQLDisableIntrospectionInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {}
  }
}
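Once the policy is attached to a route, it is worth confirming that introspection really is rejected with the 403 described above. The following check is an added example, not Zuplo's code: `GATEWAY_URL` is a placeholder and the function names are hypothetical. It sends the two introspection entry points defined by the GraphQL specification and classifies each response.

```javascript
// Added example: confirm the gateway rejects introspection with 403.
const GATEWAY_URL = "https://gateway.example.com/graphql"; // placeholder, not a real endpoint

// The two introspection entry points defined by the GraphQL spec.
const PROBES = [
  { name: "__schema", query: "query { __schema { queryType { name } } }" },
  { name: "__type", query: 'query { __type(name: "Query") { name } }' },
];

// Classify one response. status: HTTP status code; bodyText: raw response body.
function classify(probeName, status, bodyText) {
  if (status === 403) return "blocked";
  let body = null;
  try { body = JSON.parse(bodyText); } catch { return "inconclusive"; }
  const data = body && typeof body === "object" ? body.data : null;
  // Schema data came back: the introspection query reached the GraphQL server.
  if (status === 200 && data && data[probeName] != null) return "exposed";
  return "inconclusive"; // e.g. a 401 from an auth policy, or a GraphQL error
}

// Send every probe and collect verdicts. fetchImpl is injectable for offline tests.
async function checkGateway(url, fetchImpl = fetch, headers = {}) {
  const results = [];
  for (const probe of PROBES) {
    const res = await fetchImpl(url, {
      method: "POST",
      headers: { "content-type": "application/json", ...headers },
      body: JSON.stringify({ query: probe.query }),
    });
    results.push({
      probe: probe.name,
      status: res.status,
      verdict: classify(probe.name, res.status, await res.text()),
    });
  }
  return results;
}

// True only when every probe was rejected with 403.
function allBlocked(results) {
  return results.length > 0 && results.every((r) => r.verdict === "blocked");
}
```

Run `checkGateway(GATEWAY_URL)` against your own gateway after each deploy and fail the job when `allBlocked` returns false. An `inconclusive` verdict means the probe was answered with something other than a 403 or schema data, for example by an authentication policy that ran first.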

Policy Options

The options for this policy are specified below. All properties are optional unless specifically marked as required.

Using the Policy

Read more about how policies work
