absinthe_plug

absinthe_plug copied to clipboard

Handle "unavailable" schema module status more correctly

6

I've been dancing around these unpredictable "is not a valid `Absinthe.Schema`" errors for months now, and finally took some time to figure out exactly what's going on. It turns out...

giddie

Supporting POSTs with multipart/form-data is dangerous without CSRF protection

2

We recently discovered that supporting `multipart/form-data` POSTs in GraphQL servers makes it very likely that your server will be vulnerable to executing GraphQL mutations in CSRF attacks unless otherwise prevented....

glasser

Newer versions of Graphiql [support headers in the editor](https://github.com/graphql/graphiql/pull/1543), but it looks like the version of Graphiql in `absinthe_plug` doesn't have it.

denispeplin

I'm not quite sure if this should be part of the `Absinthe.Plug` API or if we should just dig into `Conn.private`. Do with it as you will!

elijahkim

If a developer wants to preserve context when executing a whole document, there needs to be an option to opt out of batched execution. https://github.com/absinthe-graphql/absinthe_plug/blob/master/lib/absinthe/plug.ex#L508 https://elixir-lang.slack.com/archives/C0PR49P4P/p1624455107364500

erikosmond

How to disable multi-operation queries

1

How can we disable multi-operation queries like "[{"operationName":"xxx1","variables":{},"query":"query xxx1 {*********}"}, {"operationName":"xxx2","variables":{},"query":"query xxx2 {*********}"}, {"operationName":"xxx3","variables":{},"query":"query xxx3 {*********}"},, ...repeat 1000x..." for security reason, we prefer to only allow a single operation per...

xxia-brex

How to update graphql-playground version

1

It seems that the latest version adds a lot of useful features.

BlindingDark

Previously subscriptions over HTTP were handled through SSE. This commits adds a callback so the user can choose to handle it differently. It's modelled after how [graphl-ruby](https://graphql-ruby.org/subscriptions/pusher_implementation.html) does it. I...

maartenvanvliet

Chore: Upgrade GraphiQL to 1.11.4

5

So, this is the first step on a bigger journey to get the GraphiQL client(s) up to date. I might need little guidance here and there since I only started...

luhagel

Feat/add spec compliant errors opt

5

As per the spec (https://spec.graphql.org/October2021/#sec-Errors.Error-result-format) enables placing extra errors in the extensions field using `spec_compliant_errors: bool` plug option. In line with https://github.com/absinthe-graphql/absinthe/pull/1215, this is an optional prop with a default...

thecynicalpaul