I have done this in a Node app that acts as the intermediate / proxy between your frontend and the Prisma service. In fact, you can even run it as a serverless endpoint just fine to keep it lightweight.
Is that whitelisting routes? I’m sure there’s a good solution, I’m just not sure how to make sure I’ve got the full surface area properly covered (which naively feels tricky to do with GraphQL, but again I’m still trying to understand what the best practices are).