GraphQL Disable Introspection
Disables introspection queries on your API. This is useful in production to prevent attackers from learning about your API. You can still keep introspection enabled for any request not going through Zuplo.
Configuration
The configuration below shows how to configure the policy in the 'policies.json' document.
config/policies.json
{
  "name": "my-graphql-disable-introspection-inbound-policy",
  "policyType": "graphql-disable-introspection-inbound",
  "handler": {
    "export": "GraphQLDisableIntrospectionInboundPolicy",
    "module": "$import(@zuplo/runtime)",
    "options": {}
  }
}
GraphQL Disable Introspection
This policy allows you to disable introspection queries on your API. Any introspection query will be blocked with a 403 Forbidden response.
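The kind of check such a policy performs, as an added example that is not Zuplo's implementation. The function names, the decision to leave `__typename` alone, and the handling of batched and non-JSON bodies are assumptions made for illustration.

```javascript
// Added example: NOT Zuplo's implementation. All names here are hypothetical.

// Matches, in one left-to-right pass, the places where "__schema" can appear
// without being a field selection: block strings, strings and # comments.
const IGNORED = /"""[\s\S]*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*/g;

// __schema and __type are the introspection root fields. __typename is left
// alone (assumption: clients commonly add it to ordinary queries).
const INTROSPECTION_FIELD = /(?<![$@\w])__(?:schema|type)\b/;

function isIntrospectionQuery(query) {
  if (typeof query !== "string") return false;
  return INTROSPECTION_FIELD.test(query.replace(IGNORED, " "));
}

// Decide what to do with a POST body: 403 for introspection, otherwise null
// (forward to the upstream). Batched bodies (a JSON array) are checked
// operation by operation, so one introspection entry blocks the whole batch.
function checkGraphQLBody(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return null; // not JSON: forward it and let the upstream reject it
  }
  const operations = Array.isArray(parsed) ? parsed : [parsed];
  const blocked = operations.some((op) => op && isIntrospectionQuery(op.query));
  return blocked ? { status: 403, body: "Forbidden" } : null;
}

// Constructed sample bodies.
const samples = [
  JSON.stringify({ query: "{ __schema { types { name } } }" }),
  JSON.stringify({ query: "query { user(id: 1) { __typename name } }" }),
  JSON.stringify({ query: 'query { search(text: "__schema") { id } }' }),
  JSON.stringify([{ query: "{ ok }" }, { query: '{ t: __type(name: "User") { name } }' }]),
];
for (const body of samples) {
  console.log(checkGraphQLBody(body)?.status ?? "forwarded", body);
}
```

A regular expression over the query text is a heuristic; a check built on a GraphQL parser can inspect the field selections directly.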
Read more about how policies work