Add dangerouslyDisableValidation option to @apollo/server #7786
Conversation
ganemone
requested review from
glasser,
trevor-scheer and
a team
as code owners
👷 Deploy request for apollo-server-docs pending review.Visit the deploys page to approve it
|
|
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. Latest deployment of this branch, based on commit c44698a:
|
docs/source/api/apollo-server.mdx
Outdated
| @@ -199,6 +199,21 @@ An array containing custom functions to use as additional [validation rules](htt | |||
| <tr> | |||
| <td> | |||
|
|
|||
| ###### `disableValidation` | |||
There was a problem hiding this comment.
I'd consider giving this a name like dangerouslyDisableValidation (like React — I'm not sure if we have examples of similar names in Apollo Server or other Apollo projects already), and give more context on potential side effects. My vague recollection is that graphql-js execution (and perhaps aspects of Apollo Server like the plugin system or usage reporting) does assume that some of the validations have been run and that this can have highly unexpected effects at runtime (certainly including security issues if you are assuming that values have expected types).
There was a problem hiding this comment.
Sure - I'm fine with that
ganemone
changed the title
|
Could you document the use case of this somewhere? Would be useful to understand a bit more about when and why this option might be necessary |
Validation can be pretty slow, especially for large operations. In our case we have a federation gateway server that validates the query anyway, so we end up doing validation twice. We hope to see some performance improvements by disabling validation for federated services. |
|
Ah that makes sense, thanks for the response! |
|
@rupert648 it's worth mentioning that validation is a cached operation, so you should only expect to perform validation for a given query one time during the life of a server instance (assuming you haven't exceeded the size of the cache and started evicting entries). |
|
Yep thank you, assuming @ganemone has subgraphs in a serverless environment where local caching of the validation isn't as effective. Thanks for taking the time to respond! |
|
I added an additional note in the docs: 2babd5b |
This adds a
disableValidationoption to @apollo/server which will skip the validation step for graphql operations.