fgkramer 2 days ago
But has this been thoroughly documented and are there solid libraries to achieve this? My understanding is that this is not part of the spec and that the only way to achieve this is to sign/hash documents on clients and server to check for correctness

verdverm 2 days ago
Well, it seems that the Apollo way of doing it now, via their paid GraphOS, is backwards of what I learned 8 years ago (there is always more than one way to do things in CS).

At build time, the server generates random string resolver names that map onto queries, 1-1, fixed, because we know exactly what we need when we are shipping to production. Clients can only call those random strings with some parameters, the graph is now locked down and the production server only responds to the random string resolver names.

Flexibility in dev, restricted in prod.

girvo 2 days ago
I mean yeah, in that Persisted Queries are absolutely documented and expected in production on the Relay side, and you’re a hop, skip and jump away from disallowing arbitrary queries at that point if you want to.

Though you still don’t need to and shouldn’t. Better to use the well-defined tools to gate max depth/complexity.
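
Added example, not part of any comment in the thread and not Apollo or Relay code: a sketch of the production gate the thread describes, where only build-time ids are accepted, next to a depth limit for the dev path where raw queries are still allowed. The manifest ids, `queryDepth`, `resolveRequest` and the `maxDepth` default are all assumptions made for illustration.

```javascript
// Constructed sample of a build-time manifest: opaque id -> fixed query text.
const MANIFEST = new Map([
  ['q_7f3a9c', 'query Viewer { viewer { id name } }'],
  ['q_b21e04', 'query Post($id: ID!) { post(id: $id) { title author { name } } }'],
]);

// Approximate selection depth by tracking brace nesting. String literals are
// skipped so braces inside arguments are not counted. Input-object literals
// still count as nesting, so this over-estimates rather than under-estimates.
function queryDepth(text) {
  let depth = 0, max = 0, inString = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inString) {
      if (ch === '\\') i++;                 // skip the escaped character
      else if (ch === '"') inString = false;
    } else if (ch === '"') inString = true;
    else if (ch === '{') max = Math.max(max, ++depth);
    else if (ch === '}') depth--;
  }
  return max;
}

// Map a request body to the query text to execute, or reject it.
// Production accepts manifest ids only; raw query text is refused outright.
function resolveRequest(body, { production, maxDepth = 5 }) {
  if (typeof body.id === 'string') {
    const text = MANIFEST.get(body.id);
    return text
      ? { ok: true, query: text }
      : { ok: false, status: 404, error: 'unknown persisted query id' };
  }
  if (production) {
    return { ok: false, status: 400, error: 'arbitrary queries are disabled' };
  }
  if (typeof body.query !== 'string') {
    return { ok: false, status: 400, error: 'missing id or query' };
  }
  // Dev path: raw queries are allowed but gated on depth.
  const depth = queryDepth(body.query);
  return depth > maxDepth
    ? { ok: false, status: 400, error: `query depth ${depth} exceeds ${maxDepth}` }
    : { ok: true, query: body.query };
}
```

The id lookup runs before the production check, so a persisted id works the same in both environments and only the raw-query path differs.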