I am using an Angular application with Graphql to communicate with a Java/Quarkus backend. There is a situation where a large object is generated and I am attempting to manipulate it in the backend.
An error occurs: Invalid Syntax : More than 15000 parse tokens have been presented. To prevent Denial Of Service attacks, parsing has been cancelled.
Smallrye-graphql and smallrye-graphql-client are being used and I was unable to find any parameter that could be set to increase the limit.
I am aware of this solution but am unsure how to apply it to a Quarkus scenario. More than 15000 parse tokens have been presented
Any help is greatly appreciated.
Advertisement
Answer
Quarkus at the moment doesn’t offer a straightforward way to configure the maximum allowed number of tokens in a query, but you should be able to set it by executing ParserOptions.setDefaultParserOptions(...) somewhere during the start of your application. For example, add a bean that executes it at boot:
public void onStart(@Observes StartupEvent startup) {
ParserOptions.setDefaultParserOptions(ParserOptions.newParserOptions().maxTokens(90000).build());
}
Of course, be aware that this might be abusable by malicious clients, so if you’re exposing such service to the internet, it should at least require authentication or so.