From 723dd6978147a7d518a74a8d6e0e878bb2a6985c Mon Sep 17 00:00:00 2001 From: Thibault B Date: Mon, 11 May 2020 18:22:05 +0200 Subject: [PATCH 1/2] Update symfony doc: introspection, maximum_query_complexity and maximum_query_depth --- docs/symfony-bundle-advanced.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/symfony-bundle-advanced.md b/docs/symfony-bundle-advanced.md index 02c469e905..c5c4c1db72 100644 --- a/docs/symfony-bundle-advanced.md +++ b/docs/symfony-bundle-advanced.md @@ -53,6 +53,26 @@ By default, GraphQLite assumes that your firewall name is "main". This is the de Symfony security bundle so it is likely the value you are using. If for some reason you want to use another firewall, configure the name with `graphqlite.security.firewall_name`. +You can disable the introspection of your GraphQL API (for instance in production mode) using +the `introspection` configuration properties. + +```yaml +graphqlite: + security: + introspection: false +``` + + +You can set the maximum complexity and depth of your GraphQL queries using the `maximum_query_complexity` +and `maximum_query_depth` configuration properties + +```yaml +graphqlite: + security: + maximum_query_complexity: 314 + maximum_query_depth: 42 +``` + ### Login using the "login" mutation The mutation below will log-in a user: From cd6c6d9514f6179594ab6e5cbd20b8706598fb88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20N=C3=A9grier?= Date: Tue, 12 May 2020 16:09:36 +0200 Subject: [PATCH 2/2] Addint title --- docs/symfony-bundle-advanced.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/symfony-bundle-advanced.md b/docs/symfony-bundle-advanced.md index c5c4c1db72..bd73d9463c 100644 --- a/docs/symfony-bundle-advanced.md +++ b/docs/symfony-bundle-advanced.md @@ -53,6 +53,8 @@ By default, GraphQLite assumes that your firewall name is "main". This is the de Symfony security bundle so it is likely the value you are using. If for some reason you want to use another firewall, configure the name with `graphqlite.security.firewall_name`. +## Schema and request security + You can disable the introspection of your GraphQL API (for instance in production mode) using the `introspection` configuration properties.