Comments (3)
dylanowen
commented on May 3, 2024
1
If we are looking at integrating graphql multipart spec into graphql over http I'd recommend we rework the implementation. The current spec is very specific to a JS Server Middleware and other languages have to work around these constraints when implementing it.
from graphql-over-http.
glasser
commented on May 3, 2024
1
I would not recommend adding this to the spec, but if we do, it should only be done in a way that discourages users from accidentally exposing themselves to CSRF errors; naive usage of this multipart spec generally adds CSRF mutations to cookie-using servers that are otherwise protected against them. I'd recommend reading my proposed security addition to the multipart spec as part of considering this: jaydenseric/graphql-multipart-request-spec#64
from graphql-over-http.
wtrocki
commented on May 3, 2024
Worth noting that this spec is now widely adopted in popular GraphQL servers and became standard on its own. OData specification which is very close to the HTTP protocol have similar concepts for binary formats.
from graphql-over-http.
Related Issues (20)
- Spec references RFC7231 which is obsoleted HOT 4
- Response status code as `application/json` content HOT 5
- Clarify the use of HTTP GET and POST request HOT 2
- Status codes for unauthenticated OAuth errors HOT 1
- Optional query discussion HOT 13
- GraphQL request optional parameters HOT 2
- Kitchen sink HTTP requests HOT 3
- Allow non-UTF-8 encodings HOT 2
- What is well-formed response HOT 3
- Status codes 404 and 410 HOT 1
- Clarification for `Accept: */*` HOT 8
- Should we explicitly support `Content-Type: application/graphql`? HOT 13
- Should the query property really be required? HOT 1
- Make it clear that extra keys in the request/response payloads are not allowed HOT 2
- [2023-10] Add changes promoting spec to RFC 2 status
- [2023-10] Add RFC2 status to next GraphQL Spec WG HOT 1
- Create the "Action Item" issue template
- [2023-11] Add notes about security to GraphQL-over-HTTP spec HOT 8
- [2024-01-25] Contact Apollo about persisted operations appendix HOT 2
- What is the rationale for handling Invalid parameters as 400? HOT 15
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from graphql-over-http.