> Tell me how you do the control/auth and allow certain users to access a resource while others
how would you do this with REST? or any other kind of API? graphql, at it's core, is a tool for the frontend to describe to the backend what data it wants. how the backend replies to that is completely up to the backend.
> formulate complex queries where they ask for the kitchen sink
most concrete implementations i've seen include a way to limit complexity. in `graphql-ruby` for example, you can limit how many nodes, and you can apply a "cost" to a particularly expensive-to-calculate node if you like. Say you give an API only 10 "complexity points". You could make most nodes cost 1 point, and expensive nodes cost 3 points. Now, someone can _request_ the kitchen sink, but you can respond with a "no".
This is not true, at least in Chrome. I've tried with an object with the `toString` property set, and tried with a function with an updated prototype. In both cases, Chrome just...displays the object.
surely not if the customer _explicitly requests_ that the communications are blocked? iirc in Aus it was possible to have your provider block messages to premium rate numbers back in the days when it was popular to buy ringtones.
That's clearly not viable, as displayed in the linked article. One of the examples of a good use for this was 1Password reading QR codes from a browser. Additionally, how would screen capture software work?
Rails has this behaviour (which is where I spotted it) but it seems very counter-intuitive
> ActiveSupport::TimeZone['Etc/GMT+12'].now
Wed, 21 Jun 2023 13:07:24.082417000 -12 -12:00