Conversation
|
@codex review |
Takaros999
requested review from
Gr1dlock,
andy-t-wang and
bin-umar
as code owners
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1076e21091
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| }); | ||
|
|
||
| it("rejects introspection queries from unauthenticated requests", async () => { | ||
| it.skip("rejects introspection queries from unauthenticated requests", async () => { |
There was a problem hiding this comment.
Changing this case to it.skip removes the only automated check that anonymous requests are blocked from running GraphQL introspection. If Hasura config regresses in CI/staging (or production-like envs) and introspection becomes enabled, the pipeline will no longer catch it, so a security-sensitive behavior can ship unnoticed; this should be stabilized rather than disabled.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
this is my intention we will come back to it
2 participants
auth0Idwas failing sometimes because we use the timestamp and resulted into "duplicate users", we now use random bytes instead to make it more robust