Spectrum: /api is exposed (GraphQL playground)

Created on 1 Dec 2018  路  5Comments  路  Source: withspectrum/spectrum

Issue Type

  • [X] Bug Report

https://spectrum.chat/api exposes a GraphQL playground. I'm pretty sure that's not intended.

playground

Bug good first issue (taken)

Most helpful comment

You're right, we should be disabling that! We disable introspection, so there isn't really much you can do with it though.

All 5 comments

You're right, we should be disabling that! We disable introspection, so there isn't really much you can do with it though.

@mxstbr is it still issue ?? can i pick it ??

Yes please do @dev-drprasad! :pray:

@mxstbr what about completely disabling playground ?
something like:

  playground: process.env.NODE_ENV !== 'production' && {
    settings: {
      'editor.theme': 'light',
    },
    tabs: [
      {
        endpoint: 'http://localhost:3001/api',
        query: `{
  user(username: "mxstbr") {
    id
    username
  }
}`,
      },
    ],
  },
  introspection: process.env.NODE_ENV !== 'production',

introspection is disabled by default in production but i added condition for sanity.
playground-disabled
Ref: https://www.apollographql.com/docs/apollo-server/features/graphql-playground.html

Yes sounds great!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

mxstbr picture mxstbr  路  3Comments

mxstbr picture mxstbr  路  4Comments

davidluhr picture davidluhr  路  3Comments

brianlovin picture brianlovin  路  3Comments

zefexdeveloper picture zefexdeveloper  路  5Comments