Currently there are guards in place to prevent query settings from being applied to IDHACK queries and to queries containing encryption information. We should extend those guards to also cover queries targeting internal collections, to prevent potential unwanted edge cases / attack vectors.
Since users will be able to set query settings via hash as well, we would need to add validation in two places:
- query settings being set via query:
  here we can just throw a user-friendly message stating that setting query settings on internal collections is forbidden
- query settings lookup:
  we will avoid performing the query settings lookup if the query involves internal collections
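
A minimal model of the two guards, added here as an illustration and not taken from the server code base. All type and function names are hypothetical, and both the definition of "internal" (admin/local/config databases, system.* collections) and the hash covering the namespace are assumptions; it shows why the lookup guard is still needed once settings can be set by hash.

```cpp
#include <cstddef>
#include <functional>
#include <map>
#include <stdexcept>
#include <string>

// Hypothetical model: these types and names are illustrative, not server APIs.
struct Query { std::string db, coll, shape; };

// Assumption: "internal" means the admin/local/config databases or system.* collections.
bool isInternal(const Query& q) {
    return q.db == "admin" || q.db == "local" || q.db == "config" ||
           q.coll.rfind("system.", 0) == 0;
}

// Assumption: the shape hash covers the namespace as well as the query shape.
std::size_t shapeHash(const Query& q) {
    return std::hash<std::string>{}(q.db + "." + q.coll + "|" + q.shape);
}

class QuerySettingsStore {
public:
    // Guard 1 (set via query): the namespace is visible, so reject with a clear message.
    void setByQuery(const Query& q, const std::string& settings) {
        if (isInternal(q))
            throw std::invalid_argument(
                "setting query settings on internal collections is forbidden");
        byHash_[shapeHash(q)] = settings;
    }
    // Set via hash: there is no query to inspect, so guard 1 cannot fire here.
    void setByHash(std::size_t hash, const std::string& settings) { byHash_[hash] = settings; }
    // Guard 2 (lookup): skip the lookup entirely for internal collections.
    const std::string* lookup(const Query& q) const {
        if (isInternal(q)) return nullptr;
        auto it = byHash_.find(shapeHash(q));
        return it == byHash_.end() ? nullptr : &it->second;
    }
private:
    std::map<std::size_t, std::string> byHash_;
};

int main() {
    QuerySettingsStore store;
    Query internal{"config", "chunks", "{find: 1}"};  // constructed sample query
    store.setByHash(shapeHash(internal), "{reject: true}");
    return store.lookup(internal) ? 1 : 0;  // exits 0: the stored settings are never applied
}
```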