-
Task
-
Resolution: Done
-
Major
-
None
-
None
-
None
-
Service Team 2 - Sprint 12
Investigation document: https://docs.google.com/document/d/1SPA6tqW78SLXwZLldOdG-Zw6PtBiVfdpIzn9mrg-Lyk/edit#
As per written in the investigation document, we need to provide a way to pass config options to Apollo server to:
- disable introspection queries
- limit query length
- limit query depth
- ...
UPDATE: I was thinking all these security features are supported out-of-the-box with Apollo server and thinking that we need to pass simple JSON to Apollo server. But these are all provided by separate packages which are attached to Apollo server as validationRules. So, we just need to come up with a config JSON format and pass the related values from the config JSON to those validationRules.