如何在单个 graphql 请求中禁用多个操作

编程问答 2022-05-23

问题描述

Graphql 支持单个请求中的多个操作。这意味着可以在单个 HTTP 请求中提交无限数量的 graphql 查询,这将导致一些安全问题。有没有办法只允许单个 graphql 请求中的单个操作?

解决方法

您可以限制查询次数,如下所示

app.use('*',(req,res,next) => {
  const query = req.query.query || req.body.query || '';
  if (query.length > 1) {
    throw new Error('Only One Query allowed');
  }
  next();
});
express-graphqlgraphql

相关问答

matplotlib报错:AttributeError: module 'backend_interagg' has no attribute 'FigureCanvas'. Did you mean: 'FigureCanvasAgg'?
使用本地python环境可以成功执行 import pandas as pd impor...
gitlab登录失败,报错:This challenge page was accidentally cached by an intermediary and is no longer available.
设置时间 控制面板
后端开发常见错误
错误1:Request method ‘DELETE‘ not supported 错误还原:...
docker常见错误
错误1:启动docker镜像时报错:Error response from daemon:...
idea常见错误
错误1:private field ‘xxx‘ is never assigned 按Alt...
pip安装依赖失败
报错如下,通过源不能下载,最后警告pip需升级版本 Requirem...