Expose “sensitive” data elements in the GraphQL schema, which provide access to potentially private user data.
The GraphQL schema must strike a balance between public and private elements (including fields and input fields), so as to avoid exposing private information in a public API.
For instance, to access post data we have field Root.posts, which by default can only retrieve published posts. With this module, a new option "Expose Sensitive Data in the Schema" is added to the Schema Configuration. When enabled, argument filter in Root.posts exposes an additional input status, which makes it possible to retrieve non-published posts (e.g. posts with status "draft"), which is private data.
By default, the following data elements are treated as "sensitive" (they can also be configured as "normal" in the Settings page for the corresponding module; see below):

User:
    email
    roles
    capabilities

Custom Posts:
    status
    hasPassword
    password

Comments:
    status
The isSensitiveDataElement property is added to field extensions when doing schema introspection. To find out which are the "sensitive" data elements in the schema, execute this query:
query ViewSensitiveDataElements {
  __schema {
    types {
      name
      fields {
        name
        extensions {
          isSensitiveDataElement
        }
        args {
          name
          extensions {
            isSensitiveDataElement
          }
        }
      }
      inputFields {
        name
        extensions {
          isSensitiveDataElement
        }
      }
      enumValues {
        name
        extensions {
          isSensitiveDataElement
        }
      }
    }
  }
}
Then search for entries with "isSensitiveDataElement": true in the results.
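As an added example (not part of the original documentation), the following Python script performs that "search for entries" step programmatically, walking the introspection response for fields, arguments, input fields and enum values and listing every element flagged as sensitive. The response embedded below is a constructed, abbreviated sample, and the type names CustomPostFilterInput and CustomPostStatusEnum are assumptions rather than the schema's actual names.

```python
import json

# Constructed sample: an abbreviated response to the ViewSensitiveDataElements
# introspection query above (not captured from a real endpoint). Type names
# CustomPostFilterInput and CustomPostStatusEnum are hypothetical.
SAMPLE_RESPONSE = json.dumps({
    "data": {"__schema": {"types": [
        {"name": "User", "fields": [
            {"name": "email", "extensions": {"isSensitiveDataElement": True}, "args": []},
            {"name": "name", "extensions": {"isSensitiveDataElement": False}, "args": []},
        ], "inputFields": None, "enumValues": None},
        {"name": "Root", "fields": [
            {"name": "posts", "extensions": {"isSensitiveDataElement": False}, "args": [
                {"name": "filter", "extensions": {"isSensitiveDataElement": False}},
            ]},
        ], "inputFields": None, "enumValues": None},
        {"name": "CustomPostFilterInput", "fields": None, "inputFields": [
            {"name": "status", "extensions": {"isSensitiveDataElement": True}},
        ], "enumValues": None},
        {"name": "CustomPostStatusEnum", "fields": None, "inputFields": None, "enumValues": [
            {"name": "publish", "extensions": {"isSensitiveDataElement": False}},
            {"name": "draft", "extensions": {"isSensitiveDataElement": True}},
        ]},
    ]}}
})


def _is_sensitive(node: dict) -> bool:
    """True only when extensions.isSensitiveDataElement is exactly true."""
    return (node.get("extensions") or {}).get("isSensitiveDataElement") is True


def find_sensitive_elements(response_json: str) -> list[str]:
    """Return sorted dotted paths of every element flagged as sensitive."""
    found = []
    for t in json.loads(response_json)["data"]["__schema"]["types"]:
        tname = t["name"]
        for f in t.get("fields") or []:          # object fields ...
            if _is_sensitive(f):
                found.append(f"{tname}.{f['name']}")
            for a in f.get("args") or []:        # ... and their arguments
                if _is_sensitive(a):
                    found.append(f"{tname}.{f['name']}({a['name']})")
        for i in t.get("inputFields") or []:     # input object fields
            if _is_sensitive(i):
                found.append(f"{tname}.{i['name']}")
        for e in t.get("enumValues") or []:      # enum values
            if _is_sensitive(e):
                found.append(f"{tname}.{e['name']}")
    return sorted(found)


if __name__ == "__main__":
    for path in find_sensitive_elements(SAMPLE_RESPONSE):
        print(path)
```

Run against the introspection result of a public endpoint, an empty list confirms that no "sensitive" element is exposed there.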
The elements listed above can be made public. In the Settings page, in the corresponding tab for each, there is a checkbox to configure whether to treat them as "sensitive" or "normal".
Exposing “sensitive” data elements in the schema can be configured as follows, in order of priority:
✅ Specific mode for the custom endpoint or persisted query, defined in the schema configuration
✅ Default mode, defined in the Settings
If the schema configuration has value "Default", it will use the mode defined in the Settings.
In the Settings, we can also select to add the "sensitive" data elements to the wp-admin's GraphiQL and Interactive Schema clients.
Use this module whenever exposing private information is allowed, such as when building a static website that fetches its data from a local WordPress instance (i.e. not a public API).