graphQLProtection
Description
Checks GraphQL-over-HTTP requests and enforces several limits and restrictions on them, which helps to reduce the attack surface. The GraphQL Specification "October2021" is used, but that specification only covers the formulation of documents/queries. GraphQL-over-HTTP, which specifies how to submit GraphQL queries via HTTP, has not been released/finalized yet; we therefore use version a1e6d8ca. Only GraphQL documents conforming to the 'ExecutableDocument' of the grammar are allowed: this includes the usual 'query', 'mutation', 'subscription' and 'fragment' definitions.
Can be used in
spring:beans, api, bean, if, interceptor, internalProxy, proxy, registration, request, response, serviceProxy, soapProxy, stompProxy, swaggerProxy, transport and wsStompReassembler
Attributes
Name | Required | Default | Description | Example |
---|---|---|---|---|
allowExtensions | false | false | true | |
allowedMethods | false | GET,POST | | |
maxDepth | false | - | | |
maxRecursion | false | - | | |
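
An added example (not Membrane's code and not part of the original page) of the kind of check the attributes above configure: an HTTP method allow-list, rejection of the `extensions` request parameter, and a nesting limit on the query. It assumes depth is counted as lexical nesting of selection sets without expanding fragment spreads; the function names, parameters and sample request are constructed for illustration.

```python
def selection_depth(document):
    """Deepest nesting of selection sets (assumed meaning of a depth limit).
    Skips strings, comments and input-object braces inside (...) arguments."""
    depth = deepest = parens = 0
    i, n = 0, len(document)
    while i < n:
        c = document[i]
        if c == "#":                              # comment runs to end of line
            while i < n and document[i] != "\n":
                i += 1
            continue
        if document.startswith('"""', i):         # block string
            end = document.find('"""', i + 3)
            i = n if end < 0 else end + 3
            continue
        if c == '"':                              # ordinary string with escapes
            i += 1
            while i < n and document[i] != '"':
                i += 2 if document[i] == "\\" else 1
            i += 1
            continue
        if c in "()":
            parens += 1 if c == "(" else -1
        elif c == "{" and parens == 0:            # opens a selection set
            depth += 1
            deepest = max(deepest, depth)
        elif c == "}" and parens == 0:
            depth -= 1
        i += 1
    return deepest


def check_request(method, params, allowed_methods, allow_extensions, max_depth):
    """Return the violated restrictions; an empty list means the request passes.
    `params` holds the decoded GraphQL-over-HTTP parameters (query, extensions, ...)."""
    violations = []
    if method.upper() not in allowed_methods:
        violations.append("method")
    if not allow_extensions and params.get("extensions"):
        violations.append("extensions")
    query = params.get("query")
    if not isinstance(query, str):
        violations.append("query")
    elif selection_depth(query) > max_depth:
        violations.append("depth")
    return violations


# Constructed sample: five nested selection sets, with braces hidden in a
# string argument and in a trailing comment that must not be counted.
NESTED = {"query": 'query { a(f: {x: "}{"}) { b { c { d { e } } } } } # {{{{'}
```

A lexical count like this treats a fragment spread as a leaf, so a gateway that relies on it alone would under-count documents that nest through fragments.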