Disable Introspection
The disable_introspection plugin allows you to disable introspection for your GraphQL API.
A GraphQL introspection query is a special GraphQL query that returns information about the GraphQL schema of your API.
It it recommended to disable introspection for production environments, unless you have a specific use-case for it.
It can either disable introspection for all requests, or only for requests that match a specific condition (using VRL scripting language).
Configuration
Examples
This example disables introspection for all requests for the configured Endpoint.
YAML
config: {}
enabled: true
type: "disable_introspection"JSON
{
"config": {},
"enabled": true,
"type": "disable_introspection"
}Reference
conditionA VRL condition that determines whether to disable introspection for the request. This condition is evaluated only if the incoming GraphQL request is detected as an introspection query.
The condition is evaluated in the context of the incoming request and have access to the metadata field %downstream_http_req (fields: body, uri, query_string, method, headers).
The condition must return a boolean value: return true to continue and disable the introspection, and false to allow the introspection to run.
In case of a runtime error, or an unexpected return value, the script will be ignored and introspection will be disabled for the incoming request.
inline
Inline string for a VRL code snippet. The string is parsed and executed as a VRL plugin.
frominlineTo use this variation, please specify the type: inline in your configuration.
contentfile
File reference to a VRL file. The file is loaded and executed as a VRL plugin.
fromfileTo use this variation, please specify the type: file in your configuration.
path