Warn on unconfigured cache
#6545
Conversation
|
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. Latest deployment of this branch, based on commit 644d302:
|
| @@ -261,6 +261,21 @@ export class ApolloServerBase< | |||
| : noIntro; | |||
| } | |||
|
|
|||
| if ( | |||
| this.config.nodeEnv === 'production' && | |||
| (requestOptions.persistedQueries === undefined || | ||
| (requestOptions.persistedQueries && | ||
| !requestOptions.persistedQueries.cache && | ||
| !requestOptions.persistedQueries.ttl)) |
| @@ -261,6 +261,21 @@ export class ApolloServerBase< | |||
| : noIntro; | |||
| } | |||
|
|
|||
| if ( | |||
There was a problem hiding this comment.
move to right before setting unboundedcache
There was a problem hiding this comment.
not that it really matters but my idea was it could be nested inside the if (!requestOptions.cache) below instead of repeating that part of the condition
| !requestOptions.persistedQueries.ttl)) | ||
| ) { | ||
| this.logger.warn( | ||
| 'Apollo Server is running with an unbounded in-memory cache in production. ' + |
There was a problem hiding this comment.
Persisted queries are enabled and use an unbounded cache. Your server is vulnerable to denial of service attacks via memory exhaustion. Set cache: 'bounded' or persistedQueries: false in your ApolloServer constructor, or see DOCS for other alternatives.
Issue a warning in production mode if neither the cache nor the APQ cache (persistedQueries.cache) are configured. We've provided a simple path to using a bounded cache via: #6536 The current default for AS3 is an unbounded in memory cache, which is susceptible to a DOS attack since APQs can fill up the server's memory with no limit. This warning provides an actionable recommendation to update their configuration in order to prevent this.
Issue a warning in
productionmode if neither thecachenor the APQ cache (persistedQueries.cache) are configured.We've provided a simple path to using a bounded cache via:
#6536
The current default for AS3 is an unbounded in memory cache, which is susceptible to a DOS attack since APQs can fill up the server's memory with no limit. This warning provides an actionable recommendation to update their configuration in order to prevent this.