Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.

AEM 6.5 | Persistent query updated with Graphql Introspection query

Avatar

Level 4

Hi,

 

I noticed that my persistent queries are getting updated with Graphql introspection query. Not sure what the reason could be but this is happening even with untouched old persistent queries as well. Wondering if anyone noticed a similar behavior and share if there is any way to avoid this issue. Thanks in advance.

 

 

 

6 Replies

Avatar

Community Advisor

It might be a possibility that you have clicked on the "save" button, or accidentally pressed CTRL + S

Avatar

Community Advisor

Hi @MukeshAEM,

 

By default any unauthenticated user can analyze GrapQL schema using Introspection. Introspection allows us to get information about all the Requests, Mutations, Subscriptions, and Data Types and all other things that are made available to the clients making requests. This information is easily available by requesting ___schema meta-field, which, according to the specification, is always available to the query of the “root” type.

 

You need to disable this feature, please refer to this article - https://lab.wallarm.com/why-and-how-to-disable-introspection-query-for-graphql-apis/

 

Thanks,

Chitra

Avatar

Level 4

Thanks, @BrianKasingli @ChitraMadan for your responses. I'm wondering what might be the reason for this issue where actual queries are getting replaced with Introspection queries. We are creating the persistent queries locally using the postman web version and deploying it using packages. I have noticed this issue in my local as well as in higher environments like Dev and Stage.

Avatar

Level 2

also encountered the same problem, how do u solve it?

Avatar

Level 4

We're unable to identify a fix for that so implemented a strict policy to create persistent queries only through code deployment.

Avatar

Level 2

through code deployment means not using GraphQL API and writing the code to query content?

 

I use GraphQL and execute persist the query, but find sometimes my persisted query will auto-update to the introspection query.