PHP 7.3 reaches end of support in December 2021 and Adobe Commerce 2.3.x reaches end of support in April 2022. You may want to consider planning your upgrade now to Adobe Commerce 2.4.x and PHP 7.4.x to help maintain PCI compliance.

GraphQL security configuration

The Framework app/etc/di.xml file uses the maxPageSize argument to restrict the maximum page size in queries to 300. To override this default value, create a custom module and provide a new value in the module’s di.xml file.

The following example changes the limit to 100:

1
2
3
4
5
<type name="Magento\Framework\GraphQl\Query\Resolver\Argument\Validator\SearchCriteriaValidator">
    <arguments>
        <argument name="maxPageSize" xsi:type="number">100</argument>
    </arguments>
</type>

API security describes additional arguments that are applicable to web APIs in general.