Comments (2)
I'd be disinclined to make this change. The GraphQL-over-HTTP spec (which to some degree we try to follow and to some degree we try to improve) doesn't prescribe behavior here, just stating:

> All other property names are reserved for future expansion; if implementors need to add additional information to a request they MUST do so via other means, the RECOMMENDED approach is to add an implementor-scoped entry to the {extensions} object.
GraphQL requests didn't support `extensions` originally. When we tried to add it in our clients, we found it pretty frustrating that a few GraphQL servers had exactly the behavior you described above of rejecting POST bodies with unknown keys — it meant any feature that used request-side extensions had to carefully be opt-in so that you wouldn't accidentally use it against one of these stricter servers. I wouldn't want Apollo Server to cause the same sort of issue for the future.

You could posit that this issue was unique to adding `extensions` since now that `extensions` exists, it is itself the right place to put new keys. But the GraphQL spec itself could add new top-level fields here, and it would be imaginable that some field could be added that would be OK if the server didn't know about it, so I'd rather not paint us into a corner and prevent those sorts of gradual-adoption new features by rejecting these requests immediately.
It looks like our plugin API more or less suits your use case. If many people have the same issue we could consider adding it to the docs but for now I'd prefer us to not make our servers stricter unless there's an actual security issue being triggered.
from apollo-server.
That reasoning makes sense. Thanks for the history on the `extensions` object.
from apollo-server.
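Added example, not part of the thread and not Apollo Server's own code: a framework-agnostic check that runs one request body through a strict and a lenient unknown-key policy, showing how a strict server written before `extensions` existed rejects a newer client while a lenient one only records the key. The function names, the `policy` and `knownKeys` options, and the sample body are assumptions made for illustration.

```javascript
// Added example: framework-agnostic check, not Apollo Server's code.
// The four parameter names are the GraphQL-over-HTTP request parameters.
const CURRENT_KEYS = ['query', 'operationName', 'variables', 'extensions'];
// Hypothetical server written before `extensions` was adopted.
const LEGACY_KEYS = ['query', 'operationName', 'variables'];

// Inspect one parsed (non-batched) POST body.
// policy 'lenient': report unknown keys, let the request through.
// policy 'strict' : reject the request with 400 when any key is unknown.
function checkRequestBody(body, { policy = 'lenient', knownKeys = CURRENT_KEYS } = {}) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { accepted: false, status: 400, unknownKeys: [], reason: 'body is not a JSON object' };
  }
  const known = new Set(knownKeys);
  const unknownKeys = Object.keys(body).filter((key) => !known.has(key));
  if (policy === 'strict' && unknownKeys.length > 0) {
    return { accepted: false, status: 400, unknownKeys,
             reason: `unknown top-level keys: ${unknownKeys.join(', ')}` };
  }
  // Lenient: surface the keys so they can be logged or alerted on.
  return { accepted: true, status: null, unknownKeys, reason: null };
}

// Constructed sample: a client that has started sending request-side extensions.
const clientBody = JSON.parse(
  '{"query":"{ __typename }","extensions":{"clientFeature":{"enabled":true}}}'
);

// Run the same body against each server flavour and return the outcomes.
function demo() {
  return {
    legacyStrict: checkRequestBody(clientBody, { policy: 'strict', knownKeys: LEGACY_KEYS }),
    legacyLenient: checkRequestBody(clientBody, { policy: 'lenient', knownKeys: LEGACY_KEYS }),
    currentStrict: checkRequestBody(clientBody, { policy: 'strict' }),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The lenient result still carries `unknownKeys`, so a server can log unexpected keys for monitoring without breaking clients that adopt a new field early.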