From 906b847592212e9c85f19d6a7c3c4219160b5436 Mon Sep 17 00:00:00 2001 From: nullswan Date: Wed, 29 May 2024 19:36:01 +0200 Subject: [PATCH] chore: add allowlist to the max aliases documentation (#660) --- .../docs/docs/plugins/block-field-suggestions.md | 13 +++++++------ services/docs/docs/plugins/cost-limit.md | 11 ++++++----- services/docs/docs/plugins/max-aliases.md | 14 +++++++++----- 3 files changed, 22 insertions(+), 16 deletions(-) diff --git a/services/docs/docs/plugins/block-field-suggestions.md b/services/docs/docs/plugins/block-field-suggestions.md index 343142ae..c51195c4 100644 --- a/services/docs/docs/plugins/block-field-suggestions.md +++ b/services/docs/docs/plugins/block-field-suggestions.md @@ -5,12 +5,13 @@ Prevent **returning field suggestions** and **leaking your schema** to unauthori In production, this can lead to Schema leak even if the introspection is disabled. -- [Configurating through GraphQL Armor](#configuring-for-graphql-armor) -- [Standalone usage](#standalone-usage) - - [Installation](#installation) - - [With `@envelop/core` from `@the-guild-org`](#with-envelopcore-from-the-guild-org) - - [Using the default mask](#using-the-default-mask) - - [Using custom mask](#using-custom-mask) +- [Block field suggestions](#block-field-suggestions) + - [Configuring for GraphQL Armor](#configuring-for-graphql-armor) + - [Standalone usage](#standalone-usage) + - [Installation](#installation) + - [With `@envelop/core` from `@the-guild-org`](#with-envelopcore-from-the-guild-org) + - [Using the default mask](#using-the-default-mask) + - [Using custom mask](#using-custom-mask) ## Configuring for GraphQL Armor diff --git a/services/docs/docs/plugins/cost-limit.md b/services/docs/docs/plugins/cost-limit.md index d0c49fb7..034f0925 100644 --- a/services/docs/docs/plugins/cost-limit.md +++ b/services/docs/docs/plugins/cost-limit.md @@ -2,11 +2,12 @@ **Limit** the **complexity** of a GraphQL document. -- [Configurating through GraphQL Armor](#configuring-for-graphql-armor) -- [Standalone usage](#standalone-usage) - - [Installation](#installation) - - [With `@graphql/graphql-js`](#with-graphqlgraphql-js) - - [With `@envelop/core` from `@the-guild-org`](#with-envelopcore-from-the-guild-org) +- [Cost limit](#cost-limit) + - [Configuring for GraphQL Armor](#configuring-for-graphql-armor) + - [Standalone usage](#standalone-usage) + - [Installation](#installation) + - [With `@graphql/graphql-js`](#with-graphqlgraphql-js) + - [With `@envelop/core` from `@the-guild-org`](#with-envelopcore-from-the-guild-org) ## Configuring for GraphQL Armor diff --git a/services/docs/docs/plugins/max-aliases.md b/services/docs/docs/plugins/max-aliases.md index 07ab5994..2cfab6f7 100644 --- a/services/docs/docs/plugins/max-aliases.md +++ b/services/docs/docs/plugins/max-aliases.md @@ -4,11 +4,12 @@ It is used to prevent **DOS attack** or **heap overflow**. -- [Configurating through GraphQL Armor](#configuring-for-graphql-armor) -- [Standalone usage](#standalone-usage) - - [Installation](#installation) - - [With `@graphql/graphql-js`](#with-graphqlgraphql-js) - - [With `@envelop/core` from `@the-guild-org`](#with-envelopcore-from-the-guild-org) +- [Max Aliases](#max-aliases) + - [Configuring for GraphQL Armor](#configuring-for-graphql-armor) + - [Standalone usage](#standalone-usage) + - [Installation](#installation) + - [With `@graphql/graphql-js`](#with-graphqlgraphql-js) + - [With `@envelop/core` from `@the-guild-org`](#with-envelopcore-from-the-guild-org) ## Configuring for GraphQL Armor @@ -29,6 +30,9 @@ GraphQLArmorConfig({ // Do you want to propagate the rejection to the client? | default: true propagateOnRejection?: boolean, + + // List of queries that are allowed to bypass the plugin + allowList?: string[], } }) ```