Skip to content

Warning: Apollo Server >= 2.4 caches validation result #32

New issue
New issue
Open
Open
Warning: Apollo Server >= 2.4 caches validation result#32
@ravangen

Description

@ravangen
ravangen
opened on Aug 13, 2019

A feature added to Apollo Server 2.4 (apollographql/apollo-server#2111) introduces a document store that caches successfully parsed and validated documents for future requests (LRU).

This can lead to a case where a query with good variables passes the dynamic validation cost check (see #12) and subsequent requests with the same query but different, larger variables would not trigger the validation rule due to the usage of the cache.

I don't have a sample reproduction repository, but here is an example with maximumCost: 10:

Schema:

type Query {
  "List businesses."
  businesses(page: Int! = 1, pageSize: Int! = 10): BusinessConnection
    @cost(complexity: 1, multipliers: ["pageSize"])
}

Query:

query ($pageSize: Int! = 10) {
  businesses(pageSize: $pageSize) {
    edges {
      node {
        id
        name
      }
    }
  }
}

First request query variables (validation is run) - passes validation:

{
  "pageSize": 10
}

Second request query variables (validation is skipped) - should fail validation but passes

{
  "pageSize": 100
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions