graphql-disable-introspection-with-exceptions
Disable Introspection in GraphQL-JS with a simple validation rule, but add exceptions for certain safe types
Extends the graphql-disable-introspection package that is used by default in the production mode of Apollo Server.
Queries that contain __schema or __type will fail validation with this rule, unless the type being queried was passed to the factory as an exception.
Usage
The package can be installed from npm:

    npm install --save graphql-disable-introspection-with-exceptions

It exports a factory function that returns a single validation rule, which you can pass to your Node GraphQL server with the validationRules argument.
Apollo Server Example
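    const { ApolloServer, gql } = require('apollo-server');
    const disableIntrospectionExcept = require('graphql-disable-introspection-with-exceptions');

    // ...

    const server = new ApolloServer({
      typeDefs,
      resolvers,
      // allow introspection by default in production
      introspection: true,
      validationRules: [
        // disable queries that contain __schema or __type, whilst allowing __type queries for the UserStatus enum
        disableIntrospectionExcept(/* exception for the UserStatus type */),
      ],
    });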
This will now allow me to expose the UserStatus enum values for use in the frontend:

    query getUserStatusEnumValues {
      __type(name: "UserStatus") {
        name
        enumValues {
          name
        }
      }
    }
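How a rule of this kind can be written against the graphql-js validation-rule interface, as an added sketch that is not this package's source. The names `noIntrospectionExcept`, `makeError` and `check` are hypothetical and the AST fragments are constructed; in a real server `makeError` would build graphql's GraphQLError.

```javascript
// Added sketch, not this package's source. `noIntrospectionExcept`, `makeError`
// and `check` are hypothetical names; the AST fragments below are constructed.
function noIntrospectionExcept(allowedTypes, makeError = (msg) => new Error(msg)) {
  const allowed = new Set(allowedTypes);
  // A graphql-js validation rule has the shape (context) => visitor.
  return function rule(context) {
    return {
      Field(node) {
        // node.name is the real field name, so an alias cannot hide it.
        const field = node.name.value;
        if (field === '__schema') {
          context.reportError(makeError('introspection disabled: __schema', node));
          return;
        }
        if (field !== '__type') return; // __typename and ordinary fields pass
        const arg = (node.arguments || []).find((a) => a.name.value === 'name');
        // Only a literal string can be checked before execution; a variable
        // ($n) is resolved later and is therefore rejected outright.
        const literal = arg && arg.value.kind === 'StringValue' ? arg.value.value : null;
        if (literal === null || !allowed.has(literal)) {
          const shown = literal === null ? 'non-literal name' : literal;
          context.reportError(makeError(`introspection disabled: __type(${shown})`, node));
        }
      },
    };
  };
}

// Constructed nodes shaped like graphql-js FieldNode / ArgumentNode objects.
const nameNode = (value) => ({ kind: 'Name', value });
const fieldNode = (name, args = [], alias) => ({
  kind: 'Field', name: nameNode(name), alias: alias && nameNode(alias), arguments: args,
});
const literalArg = (v) => ({ kind: 'Argument', name: nameNode('name'), value: { kind: 'StringValue', value: v } });
const variableArg = (v) => ({ kind: 'Argument', name: nameNode('name'), value: { kind: 'Variable', name: nameNode(v) } });

// Run the rule over field nodes and collect the messages it reports.
function check(rule, nodes) {
  const errors = [];
  const visitor = rule({ reportError: (err) => errors.push(err.message) });
  nodes.forEach((n) => visitor.Field(n));
  return errors;
}

const rule = noIntrospectionExcept(['UserStatus']);
console.log(check(rule, [
  fieldNode('__type', [literalArg('UserStatus')]), // allowed exception
  fieldNode('__type', [literalArg('User')], 'x'),  // aliased, still rejected
  fieldNode('__type', [variableArg('n')]),         // variable, rejected
  fieldNode('__schema'),                           // rejected
]));
```

An enum is a safe exception because its introspection result has no fields, interfaces or possibleTypes through which other types could be reached.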