When GraphQL introspection is enabled, anyone who can reach the endpoint can query the server for a description of its schema: every type, field, argument, query and mutation, including internal or administrative operations that are never exposed through the application's own UI. This hands an attacker a complete map of the API surface, which makes it far easier to find unprotected operations, guess sensitive field names and craft abusive queries. Introspection is extremely useful as a discovery and diagnostic tool during development, so it is enabled by default, but it is highly advisable to disable it on the Cloudlets in the production environment.
From the Dashboard, clicking on the icon on the Cloudlet panel header provides access to the API & Public Urls panel.

In this panel there is a toggle button next to the text Enable introspection. If you haven't made any changes, the button is green and in the On state, because GraphQL Schema introspection is enabled by default.

To disable GraphQL introspection, click the button to move it to Off, as shown in the image below.
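After flipping the toggle, verify the change from outside rather than trusting the dashboard state. The script below is an added example and not part of this documentation or the product's own tooling: it sends a minimal introspection query to a GraphQL endpoint and classifies the answer as "schema disclosed" or "refused". The endpoint URL, the optional bearer token and the sample responses are assumptions made for the example; the sample responses are constructed, not captured from any real Cloudlet.

```python
import json
import sys
import urllib.request

# Minimal introspection probe: root operation type names plus the list of
# type names is exactly the information that should be hidden in production.
INTROSPECTION_QUERY = """
query IntrospectionProbe {
  __schema {
    queryType { name }
    mutationType { name }
    types { name kind }
  }
}
"""


def build_request(url, token=None):
    """Build the POST carrying the probe.

    `url` and `token` are assumptions of this example: whether the endpoint
    requires a bearer token depends on how the Cloudlet is configured.
    """
    headers = {"Content-Type": "application/json", "Accept": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    body = json.dumps({"query": INTROSPECTION_QUERY}).encode()
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def introspection_enabled(response):
    """Classify a decoded GraphQL JSON response.

    True  -> the server returned schema data (introspection still enabled).
    False -> no schema data came back (refused via errors or an empty/null
             __schema), which is the state you want in production.
    Raises ValueError for anything that is not a GraphQL response at all,
    so a WAF block page or a proxy error is not mistaken for "disabled".
    """
    if not isinstance(response, dict) or (
        "data" not in response and "errors" not in response
    ):
        raise ValueError("not a GraphQL response")
    data = response.get("data") or {}
    schema = data.get("__schema") or {}
    # A populated type list is the definitive sign of schema disclosure.
    return bool(schema.get("types"))


def probe(url, token=None, timeout=10):
    """Send the probe over the network and classify the live answer."""
    with urllib.request.urlopen(build_request(url, token), timeout=timeout) as resp:
        return introspection_enabled(json.load(resp))


# Constructed sample responses for offline use (not captured from a server).
ENABLED_SAMPLE = {
    "data": {
        "__schema": {
            "queryType": {"name": "Query"},
            "mutationType": {"name": "Mutation"},
            "types": [
                {"name": "Query", "kind": "OBJECT"},
                {"name": "Mutation", "kind": "OBJECT"},
                {"name": "User", "kind": "OBJECT"},
            ],
        }
    }
}
DISABLED_SAMPLE = {
    "errors": [{"message": "introspection is disabled on this endpoint"}],
    "data": None,
}

if __name__ == "__main__":
    # Usage: python probe.py https://<cloudlet-host>/graphql [bearer-token]
    if len(sys.argv) < 2:
        print("usage: probe.py <graphql-url> [token]")
        sys.exit(2)
    enabled = probe(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    print("introspection ENABLED" if enabled else "introspection disabled")
    sys.exit(1 if enabled else 0)
```

The exit code makes the probe usable as a gate in a deployment pipeline: run it against the production URL after each release and fail the job if the schema is still being disclosed. Note that a refusal carried in `errors` and a silent `"__schema": null` are both treated as disabled, while a non-JSON or non-GraphQL reply raises instead of being counted as a pass.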