The `@auth` directive - Graphql

Greetings! Well it certainly seems that I am confused about which schema to alter where.

I want to experiment with the @auth directive.

Is it correct to infer from your post that DQL schemas cannot include the @auth directives?

I was now able to alter the GQL schema using the /admin/schema endpoint as suggested!

type Ride @auth(query: { rule: "{$isAuthenticated: { eq: \"true\" } }" }) {
  where: String
  when: Int
  who: String
  comments: String
  created: Int
  modified: Int

# Dgraph.Authorization X-Auth-Token ...

via insomnia i can see that adding the x-auth-token header will enable queries to get results!

However, it seems that the auth rules are ignored on the dgraph /query endpoint?
Is that how it is meant to be?

Well, I am starting to understand how the graphql endpoints and the dql endpoints are sharing data and schemas…

But now I have a very important question:
If I set up a GraphQL schema with @auth rules, do / will DQL queries respect them?
It seems that I can freely query via the DQL /query/ endpoint even though the /graphql/ endpoint is requiring an auth header…
Is there a way to disable the DQL endpoint or otherwise convince it to respect the @auth rules?