GraphQL Query limitations due to graphql-java upgrade 24.0
Learn how to address Denial of Service errors in GraphQL queries following the update of graphql-java to 24.0
Description
Environment
Adobe Experience Manager
Issue/Symptoms
With the update of graphql-java to 24.0, a new configuration parameter has been introduced in the OSGi configuration Apache Sling Default GraphQL Query Executor to help avoid Denial of Service attacks:
Maximum Field Count: this parameter defaults to 100.000 (100k), which should rarely be exceeded. Customers with very complex queries, and therefore a large number of fields in a query, can still reach it.
Resolution
If the error “Maximum field count exceeded” is encountered, the solution is to increase the value of this configuration parameter.
This can be done by defining a custom environment variable AEM_HEADLESS_GRAPHQL_MAX_FIELD_COUNT and assigning the higher limit to it.