Comments (10)
In PostGraphile's server, we do the parsing in the server (and validation, for that matter), before later handing off to execute (import { execute } from 'graphql'
) with the parsed document (AST). For a GraphQL server I think it's not unreasonable to expect the server to do superficial parsing of the document sufficient to determine the operation type; but maybe we could limit this requirement to only servers supporting GET
?
I 100% agree that mutations MUST NOT be available over GET
. I know there are people doing this currently, that's not sufficient to justify allowing it to me.
from graphql-over-http.
The Apollo Client HttpLink
already opts mutations out of GET requests:
from graphql-over-http.
Query is unfortunately a very overloaded term.
I am aware, that is why I specifically alluded to query operations as opposed to mutation operations.
We seem to agree that read-only requests (query operations) are fine, so maybe the title can reflect that we should Consider dropping GraphQL mutations via GET
.
from graphql-over-http.
To be clear: Are you recommending to remove sending GraphQL query operations through GET, too?
Since query operations are prescribed to be idempotent by the GraphQL spec, using GET is perfectly fine for them. It can even be advantageuous for caching.
from graphql-over-http.
Query is unfortunately a very overloaded term: the problem are not queries which are only reading, but the problem are queries which change something (mutations).
from graphql-over-http.
@spawnia I agree that dropping GraphQL mutations only is a theoretical option. Not sure this is a good practical option as it requires a level of understanding of the query which is normally not available in the transport layer (the query must be parsed in order to say it is a query or mutation).
I amended the title to make it more clear.
from graphql-over-http.
I would recommend to make it optional at least: all GraphQL servers in production I know about don't support GET and only POST.
Parsing and validating a Mutation via GET before it is rejected is doable of course, but this extra effort should be optional at least.
from graphql-over-http.
We rely on GET for queries that don't contain mutations in order to support caching via cache-control
and etag
headers, both in edge caches and on clients.
Much as I'd prefer to just use POST everywhere, which avoids long URL limitations, it's extremely difficult to do caching of POST responses at both these layers. Clients that follow the HTTP spec will refuse to reuse POST responses, and only some edge caches/CDNs allow POST caching (for example, with enough configuration Varnish and Akamai do, but AWS CloudFront does not).
from graphql-over-http.
A server MUST accept POST requests, and MAY accept other HTTP methods, such as GET.
Isn't it better to use the HTTP GET method in the query operation?
If so, shouldn't the specification include a statement that GET is recommended for query operations?
If not, what is the advantage of POST over GET in query operation?
from graphql-over-http.
Please raise that as a separate issue so it can be assigned to a milestone and discussed.
from graphql-over-http.
Related Issues (20)
- Spec references RFC7231 which is obsoleted HOT 4
- Response status code as `application/json` content HOT 5
- Clarify the use of HTTP GET and POST request HOT 2
- Status codes for unauthenticated OAuth errors HOT 1
- Optional query discussion HOT 13
- GraphQL request optional parameters HOT 2
- Kitchen sink HTTP requests HOT 3
- Allow non-UTF-8 encodings HOT 2
- What is well-formed response HOT 3
- Status codes 404 and 410 HOT 1
- Clarification for `Accept: */*` HOT 8
- Should we explicitly support `Content-Type: application/graphql`? HOT 13
- Should the query property really be required? HOT 1
- Make it clear that extra keys in the request/response payloads are not allowed HOT 2
- [2023-10] Add changes promoting spec to RFC 2 status
- [2023-10] Add RFC2 status to next GraphQL Spec WG HOT 1
- Create the "Action Item" issue template
- [2023-11] Add notes about security to GraphQL-over-HTTP spec HOT 8
- [2024-01-25] Contact Apollo about persisted operations appendix HOT 2
- What is the rationale for handling Invalid parameters as 400? HOT 15
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from graphql-over-http.