Today, we're excited to introduce our first (of hopefully many!) highly requested security feature.

One of the most common attacks malicious actors do to GraphQL APIs is sending deeply nested queries to overload the server and/or database. For example, imagine a CMS with a Post that has Comments:

query maliciousQuery {
  allPosts {
    comments {
      post {
        comments {
          post {
            comments {
              post {
                # ...repeat times 10000...
              }
            }
          }
        }
      }
    }
  }
}

DataLoader can prevent some of these queries from taking up too many server resources, but not all of them.

As of today, GraphCDN analyses incoming queries and blocks them if they are nested too deeply. Since GraphCDN sits at the edge, your origin server will never have to deal with these malicious queries!

You can configure your service's query depth limiting on the "Security" tab of the dashboard: