Details
Story
Resolution: Unresolved
Medium
None
2.5.0-rc2
Description
Right now the GraphQL bundle uses minimal configuration. It could be improved with:
- automatically disabling introspection in prod (https://github.com/overblog/GraphQLBundle/blob/master/docs/security/disable_introspection.md)
I think we should also at least mention in the doc (or provide some defaults in prod)
- limiting the query complexity (https://github.com/overblog/GraphQLBundle/blob/master/docs/security/query-complexity-analysis.md)
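
A sketch of the production defaults proposed above, added here as an example and not taken from the project's own configuration. It uses the `security` options described in the two linked overblog/GraphQLBundle documents; the file path and the numeric limits are assumptions and have to be tuned against the real schema and the queries legitimate clients send.

```yaml
# config/packages/prod/overblog_graphql.yaml  (assumed path, prod environment only)
overblog_graphql:
    security:
        # Introspection lets any client dump the whole schema. The bundle
        # enables it by default, so turn it off explicitly in prod.
        # Alternative for a shared config file: '%kernel.debug%', which
        # keeps it on in dev and off wherever debug is disabled.
        enable_introspection: false

        # Reject a query whose computed complexity score exceeds this
        # value before any resolver runs. 1000 is a constructed
        # placeholder; measure the heaviest legitimate query first.
        query_max_complexity: 1000

        # Reject deeply nested queries (for example cyclic relations
        # followed over and over). 10 is a constructed placeholder.
        query_max_depth: 10
```

Both limits are checked during query validation, so a rejected query returns a validation error to the client instead of reaching the resolvers.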