Catch the highlights of GraphQLConf 2023! Click for recordings. Or check out our recap blog post.
Documentation
Plugins
Disable Introspection

Disable Introspection

The disable_introspection plugin allows you to disable introspection for your GraphQL API.

A GraphQL introspection query is a special GraphQL query that returns information about the GraphQL schema of your API.

It it recommended to disable introspection for production environments, unless you have a specific use-case for it.

It can either disable introspection for all requests, or only for requests that match a specific condition (using VRL scripting language).

Configuration

Examples

This example disables introspection for all requests for the configured Endpoint.

YAML

config: {}
enabled: true
type: "disable_introspection"

JSON

{
  "config": {},
  "enabled": true,
  "type": "disable_introspection"
}

Reference

condition
optional

A VRL condition that determines whether to disable introspection for the request. This condition is evaluated only if the incoming GraphQL request is detected as an introspection query.

The condition is evaluated in the context of the incoming request and have access to the metadata field %downstream_http_req (fields: body, uri, query_string, method, headers).

The condition must return a boolean value: return true to continue and disable the introspection, and false to allow the introspection to run.

In case of a runtime error, or an unexpected return value, the script will be ignored and introspection will be disabled for the incoming request.

The following options are valid for this field:
inline

Inline string for a VRL code snippet. The string is parsed and executed as a VRL plugin.

from
literal: inline
required

To use this variation, please specify the type: inline in your configuration.

content
string
required
file

File reference to a VRL file. The file is loaded and executed as a VRL plugin.

from
literal: file
required

To use this variation, please specify the type: file in your configuration.

path
string
required