Releases: apollographql/apollo-server
@apollo/[email protected]
Minor Changes
-
#7916
4686454
Thanks @andrewmcgivery! - AddhideSchemaDetailsFromClientErrors
option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors.Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation
will be met with a validation error that includes a helpful "did you mean" as part of the error text.For example, with this option set to
true
, an error would readCannot query field "help" on type "Query".
whereas with this option set tofalse
it would readCannot query field "help" on type "Query". Did you mean "hello"?
.We recommend enabling this option in production to avoid leaking information about your schema to malicious actors.
To enable, set this option to
true
in yourApolloServer
options:const server = new ApolloServer({ typeDefs, resolvers, hideSchemaDetailsFromClientErrors: true, });
@apollo/[email protected]
Patch Changes
- Updated dependencies [
4686454
]:- @apollo/[email protected]
@apollo/[email protected]
@apollo/[email protected]
Patch Changes
-
#7821
b2e15e7
Thanks @renovate! - Non-major dependency updates -
#7900
86d7111
Thanks @trevor-scheer! - Inline a small dependency that was causing build issues for ESM projects -
Updated dependencies [
b2e15e7
,86d7111
]:- @apollo/[email protected]
@apollo/[email protected]
Patch Changes
- #7871
18a3827
Thanks @tninesling! - Subscription heartbeats are initialized prior to awaiting subscribe(). This allows long-running setup to happen in the returned Promise without the subscription being terminated prior to resolution.
@apollo/[email protected]
Patch Changes
- Updated dependencies [
18a3827
]:- @apollo/[email protected]
@apollo/[email protected]
Patch Changes
- #7866
5f335a5
Thanks @tninesling! - Catch errors thrown by subscription generators, and gracefully clean up the subscription instead of crashing.
@apollo/[email protected]
Patch Changes
- Updated dependencies [
5f335a5
]:- @apollo/[email protected]
@apollo/[email protected]
Patch Changes
- #7849
c7e514c
Thanks @TylerBloom! - In the subscription callback server plugin, terminating a subscription now immediately closes the internal async generator. This avoids that generator existing after termination and until the next message is received.
@apollo/[email protected]
Patch Changes
- Updated dependencies [
c7e514c
]:- @apollo/[email protected]