Block Field Suggestions
This feature prevents the gateway from returning field suggestions in error messages, which would otherwise leak parts of your schema to unauthorized actors. In production, field suggestions can leak schema information even if introspection is disabled.
Basic Configuration
Powered by GraphQL Armor.
Hive Gateway ships with the basic “block field suggestion” security feature. You can enable it by setting the blockFieldSuggestions option to true.
gateway.config.ts
import { defineConfig } from '@graphql-hive/gateway'
export const gatewayConfig = defineConfig({
  blockFieldSuggestions: true
})
Advanced Configuration
The built-in configuration options are limited but should be enough for most use cases. If you need more control, you can configure the feature further by installing the GraphQL Armor Block Field Suggestions plugin.
npm install @escape.tech/graphql-armor-block-field-suggestions
gateway.config.ts
import { blockFieldSuggestionsPlugin } from '@escape.tech/graphql-armor-block-field-suggestions'
import { defineConfig } from '@graphql-hive/gateway'
export const gatewayConfig = defineConfig({
  plugins: () => [
    blockFieldSuggestionsPlugin({
      // Toggle the plugin | Default: true
      enabled: true,
      // Mask applied to the error message | Default: '[Suggestion hidden]'
      mask: '[Suggestion hidden]'
    })
  ]
})
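To see what suggestion hints disclose and what masking leaves behind, here is an added example; it is not Hive Gateway or GraphQL Armor source code. It assumes graphql-js style `Did you mean ...?` hints, and the helper names (`leakedNames`, `maskSuggestions`) and the sample response are constructed for illustration.

```typescript
// Added illustration; not Hive Gateway or GraphQL Armor source code.
// Assumes graphql-js style hints such as: Did you mean "email" or "emails"?
interface ErrorLike { message: string }
interface ResponseLike { data?: unknown; errors?: ErrorLike[] }

const HINT_SOURCE = 'Did you mean ([^?]*)\\?';

// Collect every schema name that suggestion hints in a response disclose.
// Useful as a regression check against captured gateway responses.
function leakedNames(response: ResponseLike): string[] {
  const names: string[] = [];
  for (const err of response.errors || []) {
    const hint = new RegExp(HINT_SOURCE, 'g');
    let h: RegExpExecArray | null;
    while ((h = hint.exec(err.message)) !== null) {
      const quoted = /"([^"]+)"/g;
      let q: RegExpExecArray | null;
      while ((q = quoted.exec(h[1])) !== null) {
        if (names.indexOf(q[1]) === -1) names.push(q[1]);
      }
    }
  }
  return names.sort();
}

// Replace each hint with a mask, mirroring what the `mask` option describes.
function maskSuggestions(response: ResponseLike, mask = '[Suggestion hidden]'): ResponseLike {
  const errors = (response.errors || []).map((err) => ({
    ...err,
    message: err.message.replace(new RegExp(HINT_SOURCE, 'g'), mask).trim()
  }));
  return { ...response, errors };
}

// Constructed sample: errors for misspelled fields while introspection is disabled.
const sampleResponse: ResponseLike = {
  errors: [
    { message: 'Cannot query field "emial" on type "User". Did you mean "email" or "emails"?' },
    { message: 'Cannot query field "pasword" on type "User". Did you mean "passwordHash"?' }
  ]
};

console.log(leakedNames(sampleResponse));                  // names exposed without blocking
console.log(leakedNames(maskSuggestions(sampleResponse))); // nothing left once masked
```

Running `leakedNames` over responses captured from a staging gateway gives a quick check that the option is actually in effect after a deployment.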