Alpha9
Reputation: 121
How to disable Hasura schema introspection?
I am going to publish my app in production. Currently, I am trying to disable the database schema introspection in Hasura core. I tried to download the metadata and add the following to the file
"graphql_schema_introspection": {
"disabled_for_roles": [
"user"
]
}
It doesn't work. But I try in Hasura cloud, it's worked. Maybe this feature is only in Hasura cloud, not Hasura core.
Is there any alternative way to disable the schema introspection in Hasura core?
Upvotes: 3
Views: 1391
Answers (2)
Michael
Reputation: 422
Available on: Cloud Free, Cloud Professional, Cloud Enterprise, Self-Hosted Enterprise
Upvotes: 0
Alex Yu
Reputation: 3537
You need to activate AllowList and introspection queries automatically becomes not allowed query.
You will need to add introspection queries into AllowList to enable them.
Notes:
- you can't disallow introspection for
adminrole. That's reasonable: applications must not work inadminrole anyway. - you can't allow for one role and disallow for another: allow lists are not defined per role
Upvotes: 3
Related Questions
- Disable GraphQL Introspection in graphql-java-tools
- How to make schema less titan graph?How to set schema-default property?
- Hasura GraphQL Type Error Inconsistent Object
- How to execute graphql query for a specific schema in hasura?
- Remove custom directives from schema before loading
- Remove role in Hasura
- Can I change the Hasura Graphql Endpoint?
- Hasura SELECT permissions for table relationships
- Is there any way to setup permission for entire schema (entire tables) in Hasura graphql instead of giving permission to each table?
- How Hasura works when a graphql query is sent to it?