How can I disable graphiql on production but still able to access it on development?
With express-graphql we can do something like
app.use('/graphql', graphqlHTTP({
schema: MySessionAwareGraphQLSchema,
graphiql: process.env.NODE_ENV === 'development',
}));
With apollo server, my setup is
import {graphqlExpress, graphiqlExpress} from 'graphql-server-express'
const app = new Express()
app
.all('/graphql', bodyParser.json())
.all('/graphql', graphqlExpress({
schema
)
.all('/graphiql', graphiqlExpress({
endpointURL: 'http://localhost/graphql'
})
)
and I can't find a way to pass to NODE_ENV to enable/disable graphiql.
GraphQL introspection is primarily for GraphQL developer tooling. Leaving introspection on in production exposes potential issues like exposing sensitive information and enables malicious parties to more easily discover graph vulnerabilities.
If you are using graphql-spring-boot, according to the graphql-java-tools README, you can disable the introspection query by setting the graphql. tools. introspection-enabled property to false in your application.
GraphQL Playground You can disable it if you want in the configuration: # api/config/packages/api_platform. yaml api_platform: graphql: graphql_playground: enabled: false # ...
Overview. GraphQL is a query language and server-side runtime for application programming interfaces (APIs) that prioritizes giving clients exactly the data they request and no more. GraphQL is designed to make APIs fast, flexible, and developer-friendly.
Do you mean to enable graphiql on development only and disable it on production. If so just exclude the /graphiql handler
if (process.env.NODE_ENV === 'development') {
app.all(
'/graphiql',
graphiqlExpress({
endpointURL: '/graphql',
}),
);
}
Here's what I have in a koa setup
export default () => (
convert(graphqlHTTP((req, res, ctx) => ({
schema: require('app/graphql/schema'),
context: {
...ctx.app.context,
...ctx.state,
},
// Enable graphql for development environments only
graphiql: config.environment === 'development',
formatError: error => ({
message: error.message,
stack: error.stack,
locations: error.locations,
}),
})))
)
Note graphiql: config.environment === 'development',
from here you could pass a custom environment variable and start your app with it.
ENABLE_GRAPHIQL=true NODE_ENV=production npm start_my_server
Depending on how you manage your environment variables, you could change the expression to
graphiql: myEnv.ENABLE_GRAPHIQL || myEnv.environment === 'development',
FWIW you should not be enabling graphiql in production
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With