Default GraphQL Query Executor configuration options
Learn how to address Denial of Service errors in GraphQL queries caused by default parser options in the latest GraphQL Java update.
Description
Environment
Adobe Experience Manager
Issue/Symptoms
The latest GraphQL-Java update creates default parser options that can lead to a “Denial of Service” InvalidSyntax error when executing complex GraphQL queries. These validations were introduced in GraphQL-Java to prevent Denial of Service attacks.
For context, those limitations are defined in
Resolution
You can fix the issue by passing custom parser options, as described in the following steps:
- This is valid for very large GraphQL queries that would return a “Denial of Service” InvalidSyntax error, starting with either:
  - AEM Cloud Service (limitation introduced with the internal reference SITES-13906 in release 2023.8 and workaround introduced in release 2024.3), or
  - AEM 6.5.21 (limitation and workaround introduced with the internal reference SITES-17355)
- This can be overcome by configuring the OSGi configuration Apache Sling Default GraphQL Query Executor and adjusting the values Max Query Tokens and Max Whitespaces Tokens depending on the needs.
This should be done as a last resort, and the values should be increased gradually until the needs of the project are met.
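To size the two limits against a real query before raising them, the following added example (not Adobe's or GraphQL-Java's code) estimates how many query tokens and how many ignored tokens (whitespace runs, commas, comments) a GraphQL document contains. The names `count_tokens`, `check_limits` and `SAMPLE_QUERY` and the limit values are hypothetical, and the tokenizer is an approximation of the GraphQL lexical grammar rather than the parser AEM runs.

```python
import re

# Simplified GraphQL lexical grammar. Assumption: this approximates, and is not,
# the lexer that GraphQL-Java uses, so treat the counts as estimates.
_TOKEN_RE = re.compile(r'''
    (?P<ignored>[ \t\r\n\ufeff]+|,|\#[^\r\n]*)     # whitespace run, comma, comment
  | (?P<block>"""(?:\\"""|.)*?""")                 # block string
  | (?P<string>"(?:\\.|[^"\\\r\n])*")              # quoted string
  | (?P<spread>\.\.\.)
  | (?P<number>-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?)
  | (?P<name>[_A-Za-z][_0-9A-Za-z]*)
  | (?P<punct>[!$&()\[\]{}:=@|])
''', re.VERBOSE | re.DOTALL)


def count_tokens(query):
    """Return (query_tokens, ignored_tokens) for a GraphQL document."""
    pos = query_tokens = ignored_tokens = 0
    while pos < len(query):
        m = _TOKEN_RE.match(query, pos)
        if m is None:
            raise ValueError(f"unexpected character {query[pos]!r} at offset {pos}")
        if m.lastgroup == "ignored":
            ignored_tokens += 1
        else:
            query_tokens += 1
        pos = m.end()
    return query_tokens, ignored_tokens


def check_limits(query, max_query_tokens, max_whitespace_tokens):
    """Compare the estimated counts with the two configured limits."""
    q, w = count_tokens(query)
    return {
        "query_tokens": q,
        "ignored_tokens": w,
        "within_limits": q <= max_query_tokens and w <= max_whitespace_tokens,
    }


# Constructed sample: a list query selecting 200 fields.
SAMPLE_QUERY = "query {\n  articleList {\n    items {\n" + "".join(
    f"      field{i}\n" for i in range(200)) + "    }\n  }\n}\n"

if __name__ == "__main__":
    # Constructed limit values, chosen only to show a query that does not fit.
    print(check_limits(SAMPLE_QUERY, max_query_tokens=150, max_whitespace_tokens=1000))
```

Running this over the largest queries a project actually issues gives a measured starting point for Max Query Tokens and Max Whitespaces Tokens, so the values can be raised in small steps instead of being set arbitrarily high.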