Max Depth
Limit the depth of a GraphQL document. It is used to prevent too large queries that could lead to overfetching or DOS attack.
Basic Configuration
Powered by GraphQL Armor.
Hive Gateway ships with the basic “max depth” security features. You can enable it by setting the
maxDepth option to true or configure the allowed depth by passing a number to the option.
gateway.config.ts
import { defineConfig } from '@graphql-hive/gateway'
 
export const gatewayConfig = defineConfig({
  maxDepth: true // defaults to 6
})Advanced Configuration
The built-in configuration options are limited and should be enough for most use-cases. However, if you need more control, you can configure more by installing the GraphQL Armor Max Depth plugin.
npm install @escape.tech/graphql-armor-max-depthgateway.config.ts
import { maxDepthPlugin } from '@escape.tech/graphql-armor-max-depth'
import { defineConfig } from '@graphql-hive/gateway'
 
export const gatewayConfig = defineConfig({
  plugins: () => [
    maxDepthPlugin({
      // Toggle the plugin | Default: true
      enabled: true,
      // Depth threshold | default: 6
      n: 6,
      // Do you want to propagate the rejection to the client? | default: true
      propagateOnRejection: true,
      // List of queries that are allowed to bypass the plugin
      allowList: [],
 
      /* Advanced options (use here on your own risk) */
 
      // Callbacks that are ran whenever a Query is accepted
      onAccept: [],
 
      // Callbacks that are ran whenever a Query is rejected
      onReject: []
    })
  ]
})Last updated on