
disable graphiql on production

How can I disable graphiql on production but still be able to access it on development?

With express-graphql we can do something like

app.use('/graphql', graphqlHTTP({
  schema: MySessionAwareGraphQLSchema,
  graphiql: process.env.NODE_ENV === 'development',
}));

With apollo server, my setup is

import Express from 'express'
import bodyParser from 'body-parser'
import {graphqlExpress, graphiqlExpress} from 'graphql-server-express'

const app = new Express()

app
  .all('/graphql', bodyParser.json())
  .all('/graphql', graphqlExpress({
      schema
    })
  )
  .all('/graphiql', graphiqlExpress({
      endpointURL: 'http://localhost/graphql'
    })
  )

and I can't find a way to pass NODE_ENV to enable/disable graphiql.

spondbob asked Jul 23 '17 12:07



2 Answers

Do you mean to enable graphiql on development only and disable it on production? If so, just exclude the /graphiql handler:

if (process.env.NODE_ENV === 'development') {
  app.all(
    '/graphiql',
    graphiqlExpress({
      endpointURL: '/graphql',
    }),
  );
}
Firdaus Ramlan answered Oct 04 '22 16:10


Here's what I have in a koa setup

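// Assumed imports: the snippet uses convert() and graphqlHTTP() as provided
// by koa-convert and koa-graphql; `config` is the app's own config module.
import convert from 'koa-convert'
import graphqlHTTP from 'koa-graphql'

export default () => (
  convert(graphqlHTTP((req, res, ctx) => ({
    schema: require('app/graphql/schema'),
    context: {
      ...ctx.app.context,
      ...ctx.state,
    },

    // Enable GraphiQL for development environments only
    graphiql: config.environment === 'development',

    formatError: error => ({
      message: error.message,
      stack: error.stack,
      locations: error.locations,
    }),
  })))
)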

Note graphiql: config.environment === 'development'. From here you could pass a custom environment variable and start your app with it.

ENABLE_GRAPHIQL=true NODE_ENV=production npm run start_my_server

Depending on how you manage your environment variables, you could change the expression to

graphiql: myEnv.ENABLE_GRAPHIQL || myEnv.environment === 'development', 

FWIW you should not be enabling graphiql in production

lfender6445 answered Oct 04 '22 16:10
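
Added example (not part of either answer above, and not code from Apollo, express-graphql or koa-graphql): a fail-closed version of the environment gate both answers describe. `parseFlag`, `graphiqlEnabled`, `mountGraphql` and the `handlers` object are hypothetical names, and `app` is assumed to be any Express-style object with an `.all()` method. It treats an unset NODE_ENV as production and parses ENABLE_GRAPHIQL strictly, because environment values are strings and the string "false" is truthy in a `||` expression.

```javascript
// Parse a boolean-like environment string strictly.
// Returns undefined when the variable is unset or empty.
function parseFlag(value) {
  const v = String(value === undefined ? '' : value).trim().toLowerCase();
  if (v === '') return undefined;
  if (v === 'true' || v === '1') return true;
  if (v === 'false' || v === '0') return false;
  // Refuse to guess: a typo must not silently expose the IDE.
  throw new Error(`ENABLE_GRAPHIQL must be true/false/1/0, got "${value}"`);
}

// Fail closed: GraphiQL is served only when NODE_ENV is exactly
// 'development', unless ENABLE_GRAPHIQL explicitly overrides it.
// A missing or misspelled NODE_ENV therefore behaves like production.
function graphiqlEnabled(env) {
  const flag = parseFlag(env.ENABLE_GRAPHIQL);
  if (flag !== undefined) return flag;
  return env.NODE_ENV === 'development';
}

// Register the API route always and the GraphiQL route only when enabled.
// Returns the mounted paths so a startup log or test can check them.
function mountGraphql(app, env, handlers) {
  const mounted = ['/graphql'];
  app.all('/graphql', handlers.graphql);
  if (graphiqlEnabled(env)) {
    app.all('/graphiql', handlers.graphiql);
    mounted.push('/graphiql');
  }
  return mounted;
}

// Constructed demo: a stub standing in for an Express app.
const demoRoutes = [];
const demoApp = { all: (path) => demoRoutes.push(path) };
const demoHandlers = { graphql: () => {}, graphiql: () => {} };
// The string 'false' would be truthy in `env.ENABLE_GRAPHIQL || ...`.
mountGraphql(demoApp, { NODE_ENV: 'production', ENABLE_GRAPHIQL: 'false' }, demoHandlers);
console.log(demoRoutes);
```

In a real server, pass `process.env` as `env` and the actual middleware (for example the `graphqlExpress` and `graphiqlExpress` handlers from the question) as `handlers`.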