Version 6 pre-stable
This version of Silverstripe CMS has not yet been given a stable release. See the release roadmap for more information. Go to documentation for the most recent stable version.

Security and best practices

In this section we'll cover several options you have for keeping your GraphQL API secure and compliant with best practices. Some of these tools require configuration, while others come pre-installed.

Authentication
Ensure your GraphQL API is only accessible to provisioned users
Cross-Origin Resource Sharing (CORS)
Ensure that requests to your API come from a whitelist of origins
CSRF protection
Protect destructive actions from cross-site request forgery
Strict HTTP method checking
Ensure requests are GET or POST
Recursive or complex queries
Protect against potentially malicious queries