-
-
Notifications
You must be signed in to change notification settings - Fork 7.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GraphQL nesting security limit #1058
Comments
You can already use the
Also, I'm not sure it's a great thing to put a default limit because how do you handle the case when you want to display all the articles of a user?
|
Aurelien, I didn't mean a limit on the number of records, but a limit on the depth of the nesting. See this article by Max Stoiber: |
@f2net Oh yes, I already read it! You're right we have to limit the depth of the nesting. |
hi I'm doing this query - which will not work as expected: image will always be image: null is this related to a limited depth of nesting or is it something else? when i directly request http://localhost:1337/bgimage then the image property is not null if this query is used "standalone" it also works: {bgimages { title image { url } } } thx |
@dsheyp You're not the first one to report me this issue. Can you open another issue? |
I added the amount limiting and depth limiting feature. I think 7 levels of depths is enough. What do you think about that? |
What is the expected behavior?
I think there should be a limit (set by admin interface) to the nesting depth of a GraphQL query.
Otherwise launching queries like the one below could overload the server:
What do you think about it?
The text was updated successfully, but these errors were encountered: