Merge branch 'master' into storefront-nuxt

feat(graphql): make max query depth configurable with environment variable
allow setting `GRAPHQL_MAX_QUERY_DEPTH` via environment variable to provide flexibility in limiting query depth and preventing DoS attacks. Defaults to 13 if not set.
2026-03-02 00:46:00 +03:00 · 2026-03-02 00:45:42 +03:00
1 changed files with 4 additions and 2 deletions
--- a/schon/graphql_validators.py
+++ b/schon/graphql_validators.py
@ -1,3 +1,5 @@
+from os import getenv
+
 from graphql import GraphQLError
 from graphql.language.ast import (
    FieldNode,
@ -8,7 +10,7 @@ from graphql.language.ast import (
 )
 from graphql.validation import ValidationRule

-MAX_QUERY_DEPTH = 8
+MAX_QUERY_DEPTH = getenv("GRAPHQL_MAX_QUERY_DEPTH", 13)


 def _max_field_depth(node, fragments, depth=0):
@ -36,7 +38,7 @@ def _selection_depth(node, fragments, depth):


 class QueryDepthLimitRule(ValidationRule):
-    """Prevents DoS via deeply nested GraphQL queries (max depth: 8)."""
+    """Prevents DoS via deeply nested GraphQL queries (max depth: 13)."""

    def enter_document(self, node, *_args):
        fragments = {
Author	SHA1	Message	Date
Egor fureunoir Gorbunov	56688c9c09	Merge branch 'master' into storefront-nuxt	2026-03-02 00:46:00 +03:00
Egor fureunoir Gorbunov	cffbaf66b3	feat(graphql): make max query depth configurable with environment variable allow setting `GRAPHQL_MAX_QUERY_DEPTH` via environment variable to provide flexibility in limiting query depth and preventing DoS attacks. Defaults to 13 if not set.	2026-03-02 00:45:42 +03:00