add middleware to disable introspection query

normandy/schema.py

@@ -9,4 +9,16 @@ class NormandyQuery(BaseQuery, RecipesQuery, StudiesQuery, graphene.ObjectType):
     pass
 
 
-schema = graphene.Schema(query=NormandyQuery)
+class DisableIntrospectionMiddleware:
+    """
+    This class hides the introspection.
+    """
+
+    def resolve(self, next, root, info, **kwargs):
+
+        if info.field_name.lower() in ['__schema', '_introspection']:
+            return None
+        return next(root, info, **kwargs)
+
+
+schema = graphene.Schema(query=NormandyQuery)

normandy/settings.py

@@ -102,7 +102,11 @@ class Core(Configuration):
         "DEFAULT_VERSIONING_CLASS": "rest_framework.versioning.NamespaceVersioning",
     }
 
-    GRAPHENE = {"SCHEMA": "normandy.schema.schema"}
+    GRAPHENE = {"SCHEMA": "normandy.schema.schema",
+                "MIDDLEWARE": [
+                    "normandy.schema.DisableIntrospectionMiddleware",
+                ],
+                }
 
     # Content Security Policy
     def CSP_DEFAULT_SRC(self):