GraphQL API for WordPress

About

Language: php
Source: https://github.com/leoloso/PoP
Documentation: https://graphql-api.com/

Security Considerations

GraphQL API for WordPress provides the following features which should be taken into consideration:

| Field Suggestions | Query Depth Limit | Query Cost Analysis | Automatic Persisted Queries | Introspection | Debug Mode | Batch Requests |
| --- | --- | --- | --- | --- | --- | --- |
| ⚠️ Disabled by Default | No Support | No Support | Enabled by Default | Enabled by Default | ⚠️ Disabled by Default | Enabled by Default |

Request Validations

Total Validation Count: 37

GraphQL API for WordPress performs the following validation checks when a query is sent:

| Document Validations | Operation Validations | Field Validations | Argument Validations | Fragment Validations | Value Validations | Directive Validations | Variable Validations | Misc. Validations |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| (Executable Definitions) | Lone Anonymous Operation | Fields on Correct Type | Known Argument Names | Fragments On Composite Types | Known Type Names | Known Directives | No Undefined Variables | Disable Single Endpoint, Obfuscate Endpoint Path |
| (Lone Schema Definition) | Unique Operation Names | Unique Input Field Names | Known Argument Names On Directives | Known Fragment Names | (Possible Type Extensions) | Repeatable Directives | No Unused Variables | Disable Introspection |
| | Known Operation Names | | Provided Required Arguments | No Fragment Cycles | Unique Enum Value Names | | Unique Variable Names | Dynamic Variable Has Value Exported |
| | Operation Name Provided When Multiple Operations in Document | | Unique Argument Names | No Unused Fragments | Values Of Correct Type | | Variables In Allowed Position | Enum Value Must Be String |
| | Operation Provided In Document | Leaf Field Selections | Provided Required Arguments On Directives | Possible Fragment Spreads | Provided Required Inputs On Input Objects | | | No Field Or Directive Was Found With Required Version Constraint |
| | | | @oneOf Input Object Must Receive Exactly 1 Input Value (Spec RFC Stage 2) | Unique Fragment Names | Enum Value is Not Valid | | | A Directive's Behavior Can Be Modified By At Most 1 Other Directive |

Security Disclosure

https://graphql-api.com/contact/