graphql-java-tools icon indicating copy to clipboard operation
graphql-java-tools copied to clipboard

Published 20 hours ago verified publisher icon graphql-java-kickstart

Disabling introspection by introspectionEnabled

Open BergJonatan opened this issue 4 years ago • 0 comments

Description

Disabling introspection by setting introspectionEnabled to false does not work

Expected behavior

Field types that starts with __ is blocked and not exposed.

Actual behavior

Field types such as __typename is included in the response

Steps to reproduce the bug

  1. Create GraphQLSchema bean where you return something like this: return SchemaParser .newParser() .file(GRAPHQL_SCHEMA) .resolvers( new RootResolver(someStorage), new SomeOtherResolver(anotherService) ) .dictionary(SomeGraphQlType.getName(), SomeGraphQlType.class) .scalars(JsonObjectScalar.JSON) .options(SchemaParserOptions.newOptions().introspectionEnabled(false).build()) .build() .makeExecutableSchema();
  2. Make a graphql query that returns a type
  3. Confirm that the __typename information exists

BergJonatan avatar Apr 20 '21 14:04 BergJonatan