Allow the user to see the query before prompting

This also allows the introspection query through so that the user can
edit with intellisense before being prompted.

Author: danpalmer

graphene_django/templates/graphene/graphiql.html

@@ -58,9 +58,31 @@
         otherParams[k] = parameters[k];
       }
     }
+
+    // If there are any fragment parameters, confirm the user wants to use them.
+    var isReload = window.performance ? performance.navigation.type === 1 : false;
+    var isQueryTrusted = Object.keys(parameters).length === 0 || isReload;
+
     var fetchURL = locationQuery(otherParams);
+
     // Defines a GraphQL fetcher using the fetch API.
     function graphQLFetcher(graphQLParams) {
+      var isIntrospectionQuery = (
+        graphQLParams.query !== parameters.query
+        && graphQLParams.query.indexOf('IntrospectionQuery') !== -1
+      );
+
+      if (!isQueryTrusted
+        && !isIntrospectionQuery
+        && !window.confirm("This query was loaded from a link, are you sure you want to execute it?")) {
+        return Promise.resolve('Aborting query.');
+      }
+
+      // We don't want to set this for the introspection query
+      if (!isIntrospectionQuery) {
+        isQueryTrusted = true;
+      }
+
       var headers = {
         'Accept': 'application/json',
         'Content-Type': 'application/json'
@@ -100,13 +122,6 @@
     function updateURL() {
       history.replaceState(null, null, locationQuery(parameters));
     }
-    // If there are any fragment parameters, confirm the user wants to use them.
-    var isReload = window.performance ? performance.navigation.type === 1 : false;
-    if (Object.keys(parameters).length
-      && !isReload
-      && !window.confirm("An untrusted query has been loaded, continue loading query?")) {
-      parameters = {};
-    }
     var options = {
       fetcher: graphQLFetcher,
         onEditQuery: onEditQuery,