docs(graphql): support laravel for max_query_depth & max_query_comple…

…xity
api-platform · Jan 15, 2025 · 59da0de · 59da0de
1 parent 8ef174f
commit 59da0de
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 4 deletions.
diff --git a/core/configuration.md b/core/configuration.md
@@ -156,10 +156,10 @@ api_platform:
         # The nesting separator used in the filter names.
         nesting_separator: _
 
-        # The maximum query depth. Set to 0 to disable it. Look at http://webonyx.github.io/graphql-php/security/#limiting-query-depth
+        # The maximum query depth. Set to 0 to disable it. Look at https://webonyx.github.io/graphql-php/security/#limiting-query-depth
         max_query_depth: 20
 
-        # The maximum query complexity. Set to 0 to disable it. Look at http://webonyx.github.io/graphql-php/security/#query-complexity-analysis
+        # The maximum query complexity. Set to 0 to disable it. Look at https://webonyx.github.io/graphql-php/security/#query-complexity-analysis
         max_query_complexity: 500
 
         collection:
@@ -551,6 +551,12 @@ return [
 
         // The nesting separator used in the filter names.
         'nesting_separator' => '_',
+
+        // The maximum query depth. Set to 0 to disable it. Look at https://webonyx.github.io/graphql-php/security/#limiting-query-depth
+        'max_query_depth' => 20,
+
+        // The maximum query complexity. Set to 0 to disable it. Look at https://webonyx.github.io/graphql-php/security/#query-complexity-analysis
+        'max_query_complexity' => 500,
 
         'collection' => [
             'pagination' => [

diff --git a/core/graphql.md b/core/graphql.md
@@ -256,7 +256,7 @@ return [
 
 ## Change Max Query Depth
 
-For security reason, the max query depth should be limited to avoid deep queries. It's set to 100 by default.
+For security reason, the max query depth should be limited to avoid deep queries. **It's set to 100 by default**.
 
 ### Symfony config to change the Max Query Depth
 
@@ -270,9 +270,24 @@ api_platform:
 # ...
 ```
 
+### Laravel config to change the Max Query Depth
+
+If you need to change it, it can be done in the configuration:
+
+```php
+<?php
+// config/api-platform.php
+return [
+    // ....
+    'graphql' => [
+        'max_query_depth' => 7,
+    ],
+];
+```
+
 ## Change Max Query Complexity
 
-For security reason, the max query complexity should be limited to avoid complex queries. It's set to 100 by default.
+For security reason, the max query complexity should be limited to avoid complex queries. **It's set to 100 by default**.
 
 ### Symfony config to change the Max Query Complexity
 
@@ -286,6 +301,21 @@ api_platform:
 # ...
 ```
 
+### Laravel config to change the Max Query Complexity
+
+If you need to change it, it can be done in the configuration:
+
+```php
+<?php
+// config/api-platform.php
+return [
+    // ....
+    'graphql' => [
+        'max_query_complexity' => 50,
+    ],
+];
+```
+
 ## Request with `application/graphql` Content-Type
 
 If you wish to send a [POST request using the `application/graphql` Content-Type](https://graphql.org/learn/serving-over-http/#post-request),