Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit the amount of GraphQL validation errors returned in the response #6187

Merged
merged 3 commits into from
Nov 6, 2024
Merged

Limit the amount of GraphQL validation errors returned in the response #6187

merged 3 commits into from
Nov 6, 2024

Conversation

goto-bus-stop
Copy link
Member

@goto-bus-stop goto-bus-stop commented Oct 23, 2024
edited by jira bot
Loading

A small proposal.

It's possible to craft relatively small queries (within a few dozen KB) that produce tens of thousands of validations errors. The router then needs to spend a bunch of time formatting several megabytes of JSON in response. That's a waste of time.

By limiting the amount of errors we limit the response size and the time spent formatting the response to those queries.

I only applied it to GraphQL parsing and validation errors here. Perhaps it should be a general limit in the router. But for parsing and validation errors I think it's reasonable to silently drop further errors--I'm not sure it's appropriate for every other kind of error.

@goto-bus-stop goto-bus-stop requested review from a team as code owners October 23, 2024 13:49
@svc-apollo-docs
Copy link
Collaborator

svc-apollo-docs commented Oct 23, 2024
edited
Loading

✅ Docs Preview Ready

No new or changed pages found.

@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@router-perf
Copy link

router-perf bot commented Oct 23, 2024

CI performance tests

  • connectors-const - Connectors stress test that runs with a constant number of users
  • const - Basic stress test that runs with a constant number of users
  • demand-control-instrumented - A copy of the step test, but with demand control monitoring and metrics enabled
  • demand-control-uninstrumented - A copy of the step test, but with demand control monitoring enabled
  • enhanced-signature - Enhanced signature enabled
  • events - Stress test for events with a lot of users and deduplication ENABLED
  • events_big_cap_high_rate - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity
  • events_big_cap_high_rate_callback - Stress test for events with a lot of users, deduplication enabled and high rate event with a big queue capacity using callback mode
  • events_callback - Stress test for events with a lot of users and deduplication ENABLED in callback mode
  • events_without_dedup - Stress test for events with a lot of users and deduplication DISABLED
  • events_without_dedup_callback - Stress test for events with a lot of users and deduplication DISABLED using callback mode
  • extended-reference-mode - Extended reference mode enabled
  • large-request - Stress test with a 1 MB request payload
  • no-tracing - Basic stress test, no tracing
  • reload - Reload test over a long period of time at a constant rate of users
  • step-jemalloc-tuning - Clone of the basic stress test for jemalloc tuning
  • step-local-metrics - Field stats that are generated from the router rather than FTV1
  • step-with-prometheus - A copy of the step test with the Prometheus metrics exporter enabled
  • step - Basic stress test that steps up the number of users over time
  • xlarge-request - Stress test with 10 MB request payload
  • xxlarge-request - Stress test with 100 MB request payload

@goto-bus-stop
Limit the amount of GraphQL validation errors returned
a56018f 
It's possible to craft relatively small queries (within a few dozen KB) that produce tens of thousands of validations errors. The router then needs to spend a bunch of time formatting several megabytes of JSON in response. That's a waste of time.

By limiting the amount of errors we limit the response size and the time spent formatting the response to those queries.

I only applied it to GraphQL parsing and validation errors here. Perhaps it should be a general limit in the router. But for parsing and validation errors I think it's reasonable to silently drop further errors--I'm not sure it's appropriate for every other kind of error.
@goto-bus-stop goto-bus-stop requested a review from a team as a code owner October 24, 2024 08:19
@goto-bus-stop goto-bus-stop merged commit 5a868b6 into dev Nov 6, 2024
15 checks passed
@goto-bus-stop goto-bus-stop deleted the renee/limit-errors branch November 6, 2024 08:48
@yanns
Copy link
Contributor

yanns commented Nov 6, 2024

This is a good idea. We did that in the sangria library as well for example:

@abernix abernix mentioned this pull request Nov 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Geal Geal Geal approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@goto-bus-stop @svc-apollo-docs @yanns @Geal