Question? Give us feedback →Edit this page on GitHub
  • Docs
  • Advanced
  • Whitelisting

Whitelisting vs Blacklisting

⚠️

Whitelisting/Blacklisting is no longer available in versions after 3.x.x, and has been replaced with fallbackRule.

Shield allows you to lock-in your schema. This way, you can seamlessly develop and publish your work without worrying about exposing your data. To lock in your service simply set fallbackRule to deny like this:

const typeDefs = /* GraphQL */ `
  type Query {
    users: [User!]!
    newFeatures: FeaturesConnection!
  }
 
  type User {
    id: ID!
    name: String!
    author: Author!
  }
 
  type Author {
    id: ID!
    name: String!
    secret: String
  }
`
 
const permissions = shield(
  {
    Query: {
      users: allow,
    },
    User: allow,
    Author: {
      id: allow,
      name: allow,
    },
  },
  { fallbackRule: deny },
)

You can achieve same functionality by setting every "rule-undefined" field to deny the request.

Last updated on November 23, 2022
ErrorsReference