Before deploying your GraphQL app to production you should disable
They can reveal sensitive information (e.g. internal business logic)
They make it easier for malicious parties to reverse engineer your GraphQL API
GraphiQL is useful during testing and development but should be disabled in production by default.
It can be turned off by setting the
graphiql option to
See the Strawberry Options documentation for the integration you are using for more information on how to disable it:
Introspection should primarily be used as a discovery and diagnostic tool for testing and development, and should be disabled in production by default.
You can disable introspection by adding a validation rule extension.
You may also want to limit the query depth of GraphQL operations, which can be done via an extension
See the documentation for the integration you are using for more information on deployment: