You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
We would like to send the complete query with tracing spans (could be used by Studio for analysis). Unfortunately, queries can contain inline sensitive data in input arguments, so we cannot send them as is.
Describe the solution you'd like
We need a way to sanitize queries and remove private data. The future query planner using apollo-rs could be used to recognize raw input values, replace them with variables in the query, and put the values in the variables. That is apparently possible but we don't know what impact this will have on our users
Let's close this and re-visit it if we need to. We already use the router-bridge's mechanism for removing string, numeric and object literals prior to sending those to Studio as a "Signature" so we should be covered for the time-being.
Is your feature request related to a problem? Please describe.
We would like to send the complete query with tracing spans (could be used by Studio for analysis). Unfortunately, queries can contain inline sensitive data in input arguments, so we cannot send them as is.
Describe the solution you'd like
We need a way to sanitize queries and remove private data. The future query planner using apollo-rs could be used to recognize raw input values, replace them with variables in the query, and put the values in the variables. That is apparently possible but we don't know what impact this will have on our users
Describe alternatives you've considered
The current way in the server is to modify the AST before sending the usage report: https://github.com/apollographql/apollo-tooling/blob/b1bd747861bcdb733a5e357c019885a6c0293ec7/packages/apollo-graphql/src/operationId.ts#L69-L78
Additional context
We might need to make query reporting more configurable, with options to send or not the query depending on the operation, or deciding whether to send variables, as is done in apollo-server https://www.apollographql.com/docs/apollo-server/api/plugin/usage-reporting/
The text was updated successfully, but these errors were encountered: