add middleware to disable introspection query #2348

Merged
merged 3 commits into from
Jun 19, 2023

@tiftran tiftran commented Jun 16, 2023

@tiftran tiftran requested a review from leplatrem June 16, 2023 07:12

@leplatrem leplatrem left a comment

Please add a bit more info about context etc. ;)

schema = graphene.Schema(query=NormandyQuery)
class DisableIntrospectionMiddleware:
"""
This class hides the introspection.
Contributor

Could you make it explicit why we are doing that?
Link to bug? A few words maybe?

Contributor Author

@tiftran tiftran Jun 16, 2023

Since there's no bug, I added a link that states it's best practice to disable introspection queries. Though, I could create a git issue and reference it?

Contributor

It's ok ;)


def resolve(self, next, root, info, **kwargs):

if info.field_name.lower() in ['__schema', '_introspection']:
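
Review bot: the list in `if info.field_name.lower() in ['__schema', '_introspection']:` does not match GraphQL's introspection meta-fields. The specification defines `__schema`, `__type` and `__typename`; `_introspection` is not one of them, and `__type` is absent, so a `__type` lookup would not match this check. Suggest replacing `_introspection` with `__type`, leaving `__typename` unblocked since clients commonly request it, and adding a comment that cites where the names come from. The `.lower()` call can also go, because GraphQL field names are case-sensitive.
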
Contributor

We are looking for private fields here, where do they come from? A link maybe?

Contributor Author

I changed up the list, with a list that is listed from https://graphql.org/learn/introspection/

Contributor Author

tiftran commented Jun 19, 2023

bors merge

Contributor

bors bot commented Jun 19, 2023

Build succeeded!

The publicly hosted instance of bors-ng is deprecated and will go away soon.

If you want to self-host your own instance, instructions are here.
For more help, visit the forum.

If you want to switch to GitHub's built-in merge queue, visit their help page.

@bors bors bot merged commit 5437bc3 into master Jun 19, 2023
@bors bors bot deleted the disable-intro branch June 19, 2023 18:35