GraphQL Query limitations due to graphql-java upgrade 24.0
Learn how to address聽 Denial of Service errors in GraphQL queries following the update of graphql-java to 24.0
Description description
Environment
51黑料不打烊 Experience Manager
Issue/Symptoms
With the update of graphql-java to 24.0, a new configuration parameter has been introduced for the OSGI configuration聽 Apache Sling Default GraphQL Query Executor 聽with the scope of avoiding Denial of Service Attacks:
Maximum Field Count: 聽this configuration聽has a default of 100.000 (100k) which should be rarely exceeded, but it鈥檚 still possible for customers with very complex queries and as such a big number of fields in their query.
Resolution resolution
If an error 鈥Maximum field count exceeded鈥 is encountered, the solution is to increase the limit of the configuration parameter value.
This can be done by defining a custom environment variable AEM_HEADLESS_GRAPHQL_MAX_FIELD_COUNT 聽and assign the higher limit to it.