Go to new doc!

+49 228 5552576-0




Check GraphQL-over-HTTP requests, enforcing several limits and/or restrictions. This effectively helps to reduce the attack surface.

GraphQL Specification "October2021" is used. (But GraphQL only covers formulation of Documents/Queries.)

GraphQL-over-HTTP, which specifies how to submit GraphQL queries via HTTP, has not been released/finalized yet. We therefore use Version a1e6d8ca .

Only GraphQL documents conforming to the 'ExecutableDocument' of the grammar are allowed: This includes the usual 'query', 'mutation', 'subscription' and 'fragment's.

Can be used in

spring:beans, api, bean, if, interceptor, internalProxy, proxy, registration, request, response, serviceProxy, soapProxy, stompProxy, swaggerProxy, transport and wsStompReassembler


Name Required Default Description Example
allowExtensions false false true
allowedMethods false GET,POST
maxDepth false -
maxRecursion false -