Validation timeouts
Stops validation when it exceeds a time budget.
Practices implemented
Applies to
- GraphQL servers
- Gateways and proxies
Configuration (suggested defaults)
| Parameter | Default | Notes |
|---|---|---|
validationTimeoutMs | 250 | Abort validation after a time budget. |
fallbackBehavior | reject | Reject queries that exceed the timeout. |
Implementation notes
- Enforce timeouts during validation, before execution starts.
- Surface clear errors that point to validation cost.
- Keep validation rules deterministic.
- Hashing operations and storing them in a "known good" list once validated can save repeated validation costs.
Cautions
- Complex schemas may require higher timeouts.
- Timeouts can hide performance regressions if not monitored.
- Frequent validation timeouts from the same user or IP might indicate a malicious user. Consider rate-limiting new operations.