From 471f12b8bace219d5c5545fcc4c5fb040e27735c Mon Sep 17 00:00:00 2001
From: Jake Barnby <jakeb994@gmail.com>
Date: Thu, 29 Sep 2022 17:46:01 +1300
Subject: [PATCH] Only apply max depth and complexity in production to allow
 introspection

---
 app/controllers/api/graphql.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/graphql.php b/app/controllers/api/graphql.php
index 7c47d57cf3..2766a5231e 100644
--- a/app/controllers/api/graphql.php
+++ b/app/controllers/api/graphql.php
@@ -131,11 +131,11 @@ function executeRequest(
 
     $flags = DebugFlag::INCLUDE_DEBUG_MESSAGE | DebugFlag::INCLUDE_TRACE;
     $validations = GraphQL::getStandardValidationRules();
-    $validations[] = new QueryComplexity($maxComplexity);
-    $validations[] = new QueryDepth($maxDepth);
 
     if (App::isProduction()) {
         $validations[] = new DisableIntrospection();
+        $validations[] = new QueryComplexity($maxComplexity);
+        $validations[] = new QueryDepth($maxDepth);
         $flags = DebugFlag::NONE;
     }