API Security Blog

If you pick a random GraphQL framework and run it with default settings in production, disaster is waiting to happen.

2. The double (quintuple) declaration problem

The next big issue I see is the number of different ways to declare fields in your schema. If we take a look at the official GraphQL Schema Definition Language specification, there are 5 different ways to declare fields:

type Query {
  user(id: ID!): User
}

type Mutation {
  createUser(input: CreateUserInput!): User
}

type Subscription {
  userCreated(userId: ID!, notificationToken: NotificationToken!): NotificationToken!
}

type Fragment on User {
  id, email, username
}

# ..
