Hey,
so if I understand it right, every graphql request is a POST request to the route (in my dev case):
http://localhost:3000/graphql?
That is somehow cool but also scary, especially the fact that this route also exposes all information about my graphql solution/structure, e.g. the __schema.
A request like this:
http://localhost:3000/graphql?query={ __schema { queryType { kind fields { name args { name description defaultValue } type { kind name description } } } }}
will expose all information about my schema. So everyone knows exactly how to design the requests. Isn’t that somehow a security issue? I mean in development this is very cool, but in production, everyone can easily get my whole database… Can I turn this off? Or should I care about this?
I am still very much a beginner in web dev and maybe I am just missing something, so please point me in the right direction.
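Added example, not part of the original post: a dependency-free check that recognises introspection requests like the one above and refuses them when the server runs in production. The names `nameTokens`, `isIntrospection` and `guard` are hypothetical, and the use of `NODE_ENV` to mark production is an assumption.

```javascript
// Added example: refuse GraphQL introspection outside development.
// Works on the raw query text, whether it arrived in a POST body or in ?query=.
const INTROSPECTION_FIELDS = new Set(["__schema", "__type"]);

// Return the name tokens of a query, skipping comments and string literals
// so that a value such as "__schema" inside an argument is not mistaken for a field.
function nameTokens(query) {
  const names = [];
  let i = 0;
  while (i < query.length) {
    const ch = query[i];
    if (ch === "#") {                          // comment: runs to end of line
      while (i < query.length && query[i] !== "\n") i++;
    } else if (query.startsWith('"""', i)) {   // block string; \""" is an escaped delimiter
      let end = query.indexOf('"""', i + 3);
      while (end > 0 && query[end - 1] === "\\") end = query.indexOf('"""', end + 3);
      i = end === -1 ? query.length : end + 3;
    } else if (ch === '"') {                   // ordinary string with backslash escapes
      i++;
      while (i < query.length && query[i] !== '"') i += query[i] === "\\" ? 2 : 1;
      i++;
    } else if (/[_A-Za-z]/.test(ch)) {         // name token
      let j = i + 1;
      while (j < query.length && /[_0-9A-Za-z]/.test(query[j])) j++;
      names.push(query.slice(i, j));
      i = j;
    } else {
      i++;
    }
  }
  return names;
}

function isIntrospection(query) {
  return nameTokens(query).some((name) => INTROSPECTION_FIELDS.has(name));
}

// Decide whether a request may proceed; `env` defaults to NODE_ENV (assumption).
function guard(query, env = process.env.NODE_ENV) {
  if (env === "production" && isIntrospection(query)) {
    return { allowed: false, status: 400, error: "introspection is disabled" };
  }
  return { allowed: true };
}
```

Server libraries usually ship their own switch for this (Apollo Server's `introspection: false` option, graphql-js's `NoSchemaIntrospectionCustomRule` validation rule), which is preferable where available. Turning introspection off only stops the schema being listed; who can read which data is decided by the authorization checks in the resolvers.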