Skip to content

feat: Improve GraphQL security #2471

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
bprusinowski merged 3 commits into from
Oct 14, 2025
Merged

feat: Improve GraphQL security #2471

bprusinowski merged 3 commits into from
Oct 14, 2025

Conversation

@bprusinowski
Copy link
Collaborator

@bprusinowski bprusinowski commented Oct 13, 2025
edited
Loading

Closes #2465

This PR:

  • introduces a GQL nesting limit (1), to prevent DoS attacks,
  • disables GQL introspection in production to make it harder to inspect all available queries.

TODO:

  • Think about batching limits
  • I added a CHANGELOG entry
  • I made a self-review of my own code

@vercel
Copy link
Contributor

vercel bot commented Oct 13, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
visualization-tool Ready Ready Preview Comment Oct 14, 2025 1:40pm

@bprusinowski bprusinowski merged commit 37f9786 into main Oct 14, 2025
13 of 14 checks passed
@bprusinowski bprusinowski deleted the fix/gql-query-depth branch October 14, 2025 13:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

✓ Security Misconfiguration

2 participants

@bprusinowski