The Framework and GraphQl module di.xml files define several security-related configuration values that you must review to ensure they align with the types of mutations and queries that you run.
GraphQl module configuration
The GraphQl/etc/di.xml file contains two arguments that can be overridden to enhance security and prevent performance bottlenecks.
- queryDepth – Defines the maximum depth of nodes that the query can return. The default value is 20.
- queryComplexity – Defines the maximum number of fields, objects, and fragments that a query can contain. The default value is 300.
To set custom values for queryDepth and queryComplexity, create the file Module/etc/di.xml in your module and add the following code.
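<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <!-- Override the GraphQL query limits (defaults: queryDepth 20, queryComplexity 300) -->
    <type name="Magento\Framework\GraphQl\Query\QueryComplexityLimiter">
        <arguments>
            <argument name="queryDepth" xsi:type="number">10</argument>
            <argument name="queryComplexity" xsi:type="number">250</argument>
        </arguments>
    </type>
</config>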
Now clean the cache and run a GraphQL query to check the result.
php bin/magento c:c
If the depth or complexity of the query is higher than the set limit, it returns an error.
{
    "errors": [
        {
            "message": "Max query depth should be 10 but got 30.",
            "extensions": {
                "category": "graphql"
            }
        }
    ]
}
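As an added example (not from the original post or from Magento), the Python script below audits a single di.xml document for QueryComplexityLimiter overrides and reports values that are malformed or looser than the defaults quoted above. The sample XML is constructed, and the function names read_limits and audit are hypothetical.

```python
import xml.etree.ElementTree as ET

LIMITER = r"Magento\Framework\GraphQl\Query\QueryComplexityLimiter"
DEFAULTS = {"queryDepth": 20, "queryComplexity": 300}  # defaults stated on this page

# Constructed sample: tightens queryDepth but loosens queryComplexity.
SAMPLE_DI_XML = r"""<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
    <type name="Magento\Framework\GraphQl\Query\QueryComplexityLimiter">
        <arguments>
            <argument name="queryDepth" xsi:type="number">10</argument>
            <argument name="queryComplexity" xsi:type="number">5000</argument>
        </arguments>
    </type>
</config>"""


def read_limits(di_xml: str) -> dict:
    """Return the limiter arguments overridden in one di.xml document."""
    root = ET.fromstring(di_xml)
    found = {}
    for type_node in root.iter("type"):
        if type_node.get("name", "").lstrip("\\") != LIMITER:
            continue
        for arg in type_node.findall("./arguments/argument"):
            if arg.get("name") in DEFAULTS:
                found[arg.get("name")] = (arg.text or "").strip()
    return found


def audit(di_xml: str) -> list:
    """List findings: malformed, zero, or looser-than-default limits."""
    findings = []
    for name, raw in read_limits(di_xml).items():
        if not raw.isdecimal():
            findings.append(f"{name}: value {raw!r} is not a non-negative integer")
        elif int(raw) == 0:  # assumption: a zero limit is always a misconfiguration
            findings.append(f"{name}: 0 is not a usable limit")
        elif int(raw) > DEFAULTS[name]:
            findings.append(f"{name}: {raw} is looser than the default {DEFAULTS[name]}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DI_XML):
        print(finding)
```

Magento merges di.xml from every enabled module, so run the check against each module's file rather than only your own.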