Disabling GraphQL introspection requests on production

For company policies reasons I must disable the introspection feature of graphql-ruby gem (making the __schema requests fail / return 404).

How do I achieve this?

The application is based on Ruby on Rails version 5.2.2 and the graphql-ruby gem version is 1.8.12.

Solution

From the graphql-ruby documentation:

You can re-implement these fields or create new ones by creating a custom EntryPoints class in your introspection namespace:
module Introspection
  class EntryPoints < GraphQL::Introspection::EntryPoints
    # ...
  end
end

That said, just introduce def __schema method redirecting to 404 or explicitly responding with 404.

FWIW, here is the original code you are to overwrite.

How do I stop Routing Errors errors from causing all sorts of warning?
Where do you put your Rack middleware files and requires?
How to prevent the <p> tag from wrapping around my input with tinymce in Rails?
Clickable Table Rows in Ruby on Rails
How to determine if one array contains all elements of another array
Adding page-specific CSS to Rails Asset Pipeline
Rails 7.1, log to STDOUT and log/production.log
Add custom fields to object in ROR application
Hit web endpoints behind Devise authentication with non-browser request in a Rails app
How to revert/undo local changes to an Activerecord object?
Disabling GraphQL introspection requests on production
carrierwave png thumbnails from svg upload
When rails app create database and collection when using MongoDb?
Sidekiq sending jobs to test queue instead of developement queue
Duration between two dates in Ruby (Rails)
rails assert_difference without specific difference value
How best to propogate an `admin` status to children using Rails and Ancestry
Rails minitest + authlogic cannot authenticate
How does bundler work (in general)?
`belongs_to` and `before_create` order in Rails
Rails Internationalization (I18n) + Turbo Streams: how to change the locale for Turbo Streams?
Delay a user defined helper method with delayed_job
Rails.application.credentials.dig(:secret_key_base) returning nil in Heroku production
Ruby On Rails - CRUD - Destroy/Delete Not Working?
Rails: may have been in progress in another thread when fork() was called
Is it possible to add errors to an ActiveRecord object without associating them with a particular attribute?
How to use Mongoid field type Set?
How to have Rails migrations run automatically on Heroku
How can I use the devise user_signed_in? method in an integration test?
Why can Ruby apparently not find the Capistrano current directory?