Supporting resource for my talk at GraphQL Summit, "Understanding GraphQL Security: Protecting Your Server from Abuse"

Resources
GraphQL server features to limit or disable in production
Disable Introspection - Not only disable GraphiQL but also prevent introspection.
Block field suggestions - Prevent returning field suggestions and leaking your schema to unauthorized actors.
Character Limit - Limit the number of characters in a GraphQL query document.
Cost limit - Limit the complexity of a GraphQL document.
Max Aliases - Limit the number of aliases in a GraphQL document.
Max Depth - Limit the depth of a GraphQL document.
Max Directives - Limit the number of directives in a GraphQL document.
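As an added example (not code from the talk or its repository), the following dependency-free scan of a raw GraphQL document enforces four of the limits listed above: characters, depth, aliases and directives. The limit values are constructed samples, and the check is lexical, so a production server should still enforce the same limits as validation rules on the parsed AST.

```javascript
// Lexical scan of a GraphQL document for the character, depth, alias and
// directive limits. Comments and string literals are skipped so that braces,
// colons or '@' inside them are not counted.
const LIMITS = { maxChars: 2000, maxDepth: 5, maxAliases: 10, maxDirectives: 5 }; // sample values

function scanDocument(doc, limits = LIMITS) {
  let depth = 0, maxDepth = 0, aliases = 0, directives = 0, parens = 0, i = 0;
  const n = doc.length;
  const isName = (c) => c !== undefined && /[A-Za-z0-9_]/.test(c);
  while (i < n) {
    const c = doc[i];
    if (c === '#') { while (i < n && doc[i] !== '\n') i++; continue; }   // line comment
    if (c === '"') {                                                      // string or block string
      const block = doc.startsWith('"""', i);
      i += block ? 3 : 1;
      while (i < n) {
        if (doc[i] === '\\') { i += 2; continue; }
        if (block ? doc.startsWith('"""', i) : doc[i] === '"') { i += block ? 3 : 1; break; }
        i++;
      }
      continue;
    }
    if (c === '(') parens++;
    else if (c === ')') parens--;
    else if (c === '@') directives++;
    // Braces outside parentheses open selection sets; inside they are object literals.
    else if (c === '{' && parens === 0) { depth++; maxDepth = Math.max(maxDepth, depth); }
    else if (c === '}' && parens === 0) depth--;
    else if (isName(c)) {
      let j = i; while (isName(doc[j])) j++;
      let k = j; while (k < n && /\s/.test(doc[k])) k++;
      // `name:` outside parentheses is an alias; inside them it is an argument name.
      if (doc[k] === ':' && parens === 0) aliases++;
      i = j; continue;
    }
    i++;
  }
  const stats = { chars: n, maxDepth, aliases, directives };
  const violations = [];
  if (n > limits.maxChars) violations.push('characters');
  if (maxDepth > limits.maxDepth) violations.push('depth');
  if (aliases > limits.maxAliases) violations.push('aliases');
  if (directives > limits.maxDirectives) violations.push('directives');
  return { stats, violations };
}

// Constructed sample documents: one benign, one alias-batched, one deeply nested.
const BENIGN = 'query Me($id: ID!) { user(id: $id) { name posts { title } } }';
const ALIAS_BATCH = '{ ' + Array.from({ length: 12 }, (_, i) => `a${i}: user(id: "${i}") { name }`).join(' ') + ' }';
const DEEP = '{ a { a { a { a { a { a { id } } } } } } }';
```

Run `scanDocument(ALIAS_BATCH)` to see the alias limit trip while the benign query passes; a cost limit needs schema-aware field weights and is not covered by a lexical scan.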