Strapi GraphQL-安全性(标头bearer_token)
[英]Strapi GraphQL - Security (header bearer_token)
问题描述
Is there a way to secure GraphQL queries in Strapi? 
有没有办法在Strapi中保护GraphQL查询?
I'm developing an application in Angular 6 (frontend) and Strapi (backend). 我正在Angular 6(前端)和Strapi(后端)中开发应用程序。 Ideally, i'd like to only allow queries with an authorised bearer_token. 理想情况下,我只允许使用授权的bearer_token查询。
Cheers, Rodrigo 干杯,罗德里戈
1 个解决方案
解决方案1
1 已采纳 2018-09-26 08:18:58
The Users and Permissions section of the admin panel is based on the controllers' actions, not of routes. 管理面板的“用户和权限”部分基于控制器的操作,而不是路由。 Because default GraphQL queries use these actions, you can use the Users & Permissions section to manage GraphQL security rules. 由于默认的GraphQL查询使用这些操作,因此您可以使用“用户和权限”部分来管理GraphQL安全规则。
If you want to add more custom logic or secure your custom GraphQL resolvers, take a look a this section of the documentation: https://strapi.io/documentation/guides/graphql.html#execute-a-policy-before-a-resolver . 如果要添加更多自定义逻辑或保护自定义GraphQL解析器,请查看文档的以下部分: https ://strapi.io/documentation/guides/graphql.html#execute-a-policy-before-a -解析器
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.