This one took us a while, but Ariadne 0.12 is now available!
Ariadne 0.12 is a feature release that adds support for custom query validators, adds query cost validator that enables developers to limit maximum complexity of GraphQL query that can be executed by the server, and adds an option for disabling the GraphQL introspection and the GraphQL Playground IDE on servers.
This release also locks required GraphQL core version at 3.0. Support for 3.1 is coming in future version.
Finally, this release also adds
extensions support to the Django view, and fixes a reported bug in
parse_literal producing an error when GraphQL query contained both literal and query variables.
Custom query validators and query cost validator
It is now possible to implement custom GraphQL query validators. This is an advanced feature intended for developers who need to block malicious GraphQL queries from being executed by their server.
Out of the box, Ariadne includes a query cost validator that enables developers to assign costs values to GraphQL fields in the schema and limit size or complexity of a single GraphQL query that may be executed by the server.
introspection option in ASGI, WSGI apps and Django view
One of the most requested features of Ariadne was an option to disable GraphQL Playground. This request had its basis on security concerns, however, disabling GraphQL Playground in Ariadne would not prevent malicious users from using a local GraphQL API client like Insomnia or the desktop version of GraphQL Playground to continue interacting with the API.
This is because when users request the ability to disable GraphQL Playground, they in fact seek an option to disable introspection, a GraphQL feature enabling clients to query a GraphQL server to learn what types, fields, and mutations are implemented by its schema.
Thanks to a contribution from the community, Ariadne's ASGI app, the WSGI app, and the Django view now support an
introspection argument. Setting this option to
False will result in GraphQL Playground becoming unavailable and will also prevent any introspection queries from being executed by the server.
parse_literal implementation in
GraphQL.js reference which is used in development of Ariadne didn't document that scalar's
parse_literal method takes two arguments instead of one, with second argument being present when scalar's literal value was used in query that was also called with variable values.
We've re-tested default behavior of GraphQL-Core library and found it already provides default
parse_literal implementation mirroring Ariadne's one. In light of this we have removed default
parse_literal from Ariadne's codebase and updated scalars documentation to skip
parse_literal. At later date we will follow up with new documentation exploring scenarios when custom
parse_literal is useful.
Ariadne ships with the
ariadne.contrib package which, amongst different useful utils, includes a
django package that implements a Django app complete with a GraphQL view and a few scalars specific to Django.
Today we would like to notify the community about our plan to split
ariadne.contrib.django into a separate package. Ariadne 0.13 will be final Ariadne release to ship with
We are doing this to separate Ariadne releases from
ariadne.contrib.django and also to set an example on how we are envisioning packages providing Ariadne integration with 3rd party web frameworks.
validation_rulesoption to query executors as well as ASGI and WSGI apps and Django view that allow developers to include custom query validation logic in their APIs.
introspectionoption to ASGI and WSGI apps, allowing developers to disable GraphQL introspection on their server.
validation.cost_validatorquery validator that allows developers to limit maximum allowed query cost/complexity.
- Removed default literal parser from
ScalarTypebecause GraphQL already provides one.
introspectionconfiguration options to Django view.
- Updated requirements list to require