Could be possible in the next version 5.x or current, to block all non-standard query operators for "external" provider and allow internally?

Migration could be frustrating if on API you use non-standard query operators internally (not client-side). 🥵

I understand that params on find, get, create, patch and remove, receive the provider key can easily identify if is secure allow non-whitelisted query operators.