Max Depth

Limit the depth of a GraphQL document. It is used to prevent too large queries that could lead to overfetching or DOS attack.

Basic Configuration

Hive Gateway ships with the basic “max depth” security features. You can enable it by setting the maxDepth option to true or configure the allowed depth by passing a number to the option.

gateway.config.ts


import { defineConfig } from '@graphql-hive/gateway'
 
export const gatewayConfig = defineConfig({
  maxDepth: true // defaults to 6
})

Advanced Configuration

The built-in configuration options are limited and should be enough for most use-cases. However, if you need more control, you can configure more by installing the GraphQL Armor Max Depth plugin.


npm install @escape.tech/graphql-armor-max-depth


pnpm add @escape.tech/graphql-armor-max-depth


yarn add @escape.tech/graphql-armor-max-depth


bun add @escape.tech/graphql-armor-max-depth

gateway.config.ts


import { maxDepthPlugin } from '@escape.tech/graphql-armor-max-depth'
import { defineConfig } from '@graphql-hive/gateway'
 
export const gatewayConfig = defineConfig({
  plugins: () => [
    maxDepthPlugin({
      // Toggle the plugin | Default: true
      enabled: true,
      // Depth threshold | default: 6
      n: 6,
      // Do you want to propagate the rejection to the client? | default: true
      propagateOnRejection: true,
      // List of queries that are allowed to bypass the plugin
      allowList: [],
 
      /* Advanced options (use here on your own risk) */
 
      // Callbacks that are ran whenever a Query is accepted
      onAccept: [],
 
      // Callbacks that are ran whenever a Query is rejected
      onReject: []
    })
  ]
})