From 8ef174f274cf8fd2defb42c7435c8e46979adea5 Mon Sep 17 00:00:00 2001
From: mauriau
Date: Tue, 10 Dec 2024 16:16:38 +0100
Subject: [PATCH 1/2] feat(graphql): allow to change max_query_depth and max_query_complexity
---
 core/configuration.md | 8 +++++++-
 core/graphql.md | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/core/configuration.md b/core/configuration.md
index 86a0c5ec6b4..0cca9817033 100644
--- a/core/configuration.md
+++ b/core/configuration.md
@@ -155,7 +155,13 @@ api_platform:
 # The nesting separator used in the filter names.
 nesting_separator: _
-
+
+ # The maximum query depth. Set to 0 to disable it. Look at http://webonyx.github.io/graphql-php/security/#limiting-query-depth
+ max_query_depth: 20
+
+ # The maximum query complexity. Set to 0 to disable it. Look at http://webonyx.github.io/graphql-php/security/#query-complexity-analysis
+ max_query_complexity: 500
+
 collection:
 pagination:
 enabled: true
diff --git a/core/graphql.md b/core/graphql.md
index b815599a0a6..2f11be7ef42 100644
--- a/core/graphql.md
+++ b/core/graphql.md
@@ -254,6 +254,38 @@ return [
 ];
 ```
+## Change Max Query Depth
+
+For security reason, the max query depth should be limited to avoid deep queries. It's set to 100 by default.
+
+### Symfony config to change the Max Query Depth
+
+If you need to change it, it can be done in the configuration:
+
+```yaml
+# api/config/packages/api_platform.yaml
+api_platform:
+ graphql:
+ max_query_depth: 7
+# ...
+```
+
+## Change Max Query Complexity
+
+For security reason, the max query complexity should be limited to avoid complex queries. It's set to 100 by default.
+
+### Symfony config to change the Max Query Complexity
+
+If you need to change it, it can be done in the configuration:
+
+```yaml
+# api/config/packages/api_platform.yaml
+api_platform:
+ graphql:
+ max_query_complexity: 50
+# ...
+```
+
 ## Request with `application/graphql` Content-Type
 If you wish to send a [POST request using the `application/graphql` Content-Type](https://graphql.org/learn/serving-over-http/#post-request),
From 59da0dec81978ffe309ec263703ce3a3756299a2 Mon Sep 17 00:00:00 2001
From: Vincent Amstoutz
Date: Wed, 15 Jan 2025 13:22:18 +0100
Subject: [PATCH 2/2] docs(graphql): support laravel for max_query_depth & max_query_complexity
---
 core/configuration.md | 10 ++++++++--
 core/graphql.md | 34 ++++++++++++++++++++++++++++++++--
 2 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/core/configuration.md b/core/configuration.md
index 0cca9817033..e1d76e8b9a1 100644
--- a/core/configuration.md
+++ b/core/configuration.md
@@ -156,10 +156,10 @@ api_platform:
 # The nesting separator used in the filter names.
 nesting_separator: _
- # The maximum query depth. Set to 0 to disable it. Look at http://webonyx.github.io/graphql-php/security/#limiting-query-depth
+ # The maximum query depth. Set to 0 to disable it. Look at https://webonyx.github.io/graphql-php/security/#limiting-query-depth
 max_query_depth: 20
- # The maximum query complexity. Set to 0 to disable it. Look at http://webonyx.github.io/graphql-php/security/#query-complexity-analysis
+ # The maximum query complexity. Set to 0 to disable it. Look at https://webonyx.github.io/graphql-php/security/#query-complexity-analysis
 max_query_complexity: 500
 collection:
@@ -551,6 +551,12 @@ return [
 // The nesting separator used in the filter names.
 'nesting_separator' => '_',
+
+ // The maximum query depth. Set to 0 to disable it. Look at https://webonyx.github.io/graphql-php/security/#limiting-query-depth
+ 'max_query_depth' => 20,
+
+ // The maximum query complexity. Set to 0 to disable it. Look at https://webonyx.github.io/graphql-php/security/#query-complexity-analysis
+ 'max_query_complexity' => 500,
 'collection' => [
 'pagination' => [
diff --git a/core/graphql.md b/core/graphql.md
index 2f11be7ef42..63214040076 100644
--- a/core/graphql.md
+++ b/core/graphql.md
@@ -256,7 +256,7 @@ return [
 ## Change Max Query Depth
-For security reason, the max query depth should be limited to avoid deep queries. It's set to 100 by default.
+For security reason, the max query depth should be limited to avoid deep queries. **It's set to 100 by default**.
 ### Symfony config to change the Max Query Depth
@@ -270,9 +270,24 @@ api_platform:
 # ...
 ```
+### Laravel config to change the Max Query Depth
+
+If you need to change it, it can be done in the configuration:
+
+```php
+ [
+ 'max_query_depth' => 7,
+ ],
+];
+```
+
 ## Change Max Query Complexity
-For security reason, the max query complexity should be limited to avoid complex queries. It's set to 100 by default.
+For security reason, the max query complexity should be limited to avoid complex queries. **It's set to 100 by default**.
 ### Symfony config to change the Max Query Complexity
@@ -286,6 +301,21 @@ api_platform:
 # ...
 ```
+### Laravel config to change the Max Query Complexity
+
+If you need to change it, it can be done in the configuration:
+
+```php
+ [
+ 'max_query_complexity' => 50,
+ ],
+];
+```
+
 ## Request with `application/graphql` Content-Type
 If you wish to send a [POST request using the `application/graphql` Content-Type](https://graphql.org/learn/serving-over-http/#post-request),