This bundle supports webonyx/graphql-php validation rule to disable introspection queries.
Introspection is a mechanism for fetching schema structure. It is used by tools like GraphiQL for auto-completion, query validation, etc.
It means that anybody can get a full description of your schema by sending a special query containing meta fields __type and __schema.
If you are not planning to expose your API to the general public, it makes sense to disable this feature in production. By disabling, tools like GraphiQL won't work anymore.
#app/config/config.yml
overblog_graphql:
security:
enable_introspection: '%kernel.debug%'Introspection is enabled by default.