Implemented? Queries Closed by default

Hi DGraph team!

I was somewhat shocked to learn that Dgraph queries are readable by default by anyone with knowledge of the URL of my Slash GraphQL instance.
I read in a comment that you would implement such that all queries/mutations are - instead - closed by default, in a future version. Do you recognize what I’m talking about? If so, when will that be implemented

For my use-case, I do not wish to allow users to query the DGraph database directly from clientside, but instead I wish a backend to query the DGraph database, on behalf of the users.

This is what I wish to achieve
[Clients] <–> [HTTP Backend, written by me] <—> [DGraph database]
Only the backend should be able to - using a set of credentials - to read/write to the Slash DGraph database

To make my question clear: How do I make all queries and mutations closed by default? Has it been implemented?

Closed-by-default functionality was added in Dgraph v20.11 in this PR:

You can set the "ClosedByDefault": true in the # Dgraph.Authorization object in your schema to require auth even if @auth isn’t specified on a type:

1 Like

Thanks for the answer :slight_smile:
FYI: The link you’re referring to doesn’t not mention your solution though

@mortenalbertsen You’re right. We’re working on the docs for that. It’ll be live soon.

1 Like

@mortenalbertsen The docs for ClosedByDefault are now live.