-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add dangerouslyDisableValidation option to @apollo/server #7786
Conversation
👷 Deploy request for apollo-server-docs pending review.Visit the deploys page to approve it
|
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. Latest deployment of this branch, based on commit c44698a:
|
docs/source/api/apollo-server.mdx
Outdated
@@ -199,6 +199,21 @@ An array containing custom functions to use as additional [validation rules](htt | |||
<tr> | |||
<td> | |||
|
|||
###### `disableValidation` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd consider giving this a name like dangerouslyDisableValidation
(like React — I'm not sure if we have examples of similar names in Apollo Server or other Apollo projects already), and give more context on potential side effects. My vague recollection is that graphql-js execution (and perhaps aspects of Apollo Server like the plugin system or usage reporting) does assume that some of the validations have been run and that this can have highly unexpected effects at runtime (certainly including security issues if you are assuming that values have expected types).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure - I'm fine with that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated
Could you document the use case of this somewhere? Would be useful to understand a bit more about when and why this option might be necessary |
Validation can be pretty slow, especially for large operations. In our case we have a federation gateway server that validates the query anyway, so we end up doing validation twice. We hope to see some performance improvements by disabling validation for federated services. |
Ah that makes sense, thanks for the response! |
@rupert648 it's worth mentioning that validation is a cached operation, so you should only expect to perform validation for a given query one time during the life of a server instance (assuming you haven't exceeded the size of the cache and started evicting entries). |
Yep thank you, assuming @ganemone has subgraphs in a serverless environment where local caching of the validation isn't as effective. Thanks for taking the time to respond! |
I added an additional note in the docs: 2babd5b |
This adds a
disableValidation
option to @apollo/server which will skip the validation step for graphql operations.