flask-graphql

update cdn links

Open gdw2 opened this issue 7 years ago • 5 comments

jsdelivr.net has updated their url scheme. The old style only has graphiql through version 0.10.x, but the new style supports through the latest (0.11.10 as of today).

gdw2 avatar Nov 10 '17 05:11 gdw2

I need this 🙏 Having history pane in graphiql with newer versions is great.

HeyHugo avatar Dec 13 '17 21:12 HeyHugo

@HeyHugo Does the new version contain this history button? I use 1.4.1, but no.

simonclouds avatar Jan 17 '18 11:01 simonclouds

@simonclouds You can pass an argument graphiql_version to the graphql view to request a specific version. Currently I've modified my local flask-graphql with this PR so when I register my endpoint for graphql with graphiql it looks like this:

graphql_api = Blueprint('graphql', __name__)

graphql_api.add_url_rule(
    '/graphql',
    view_func=GraphQLView.as_view(
        'graphql',
        schema=schema,
        graphiql=True,
        graphiql_version='latest'
    )
)

And I get the latest version of graphiql

HeyHugo avatar Jan 17 '18 12:01 HeyHugo

@HeyHugo Thanks a lot! I just found that too in graphene_django.views when I looked into a Django project, and I found the following:

class GraphQLView(View):
    graphiql_version = '0.10.2'
    graphiql_template = 'graphene/graphiql.html'

    schema = None
    graphiql = False
    executor = None
    middleware = None
    root_value = None
    pretty = False
    batch = False

After giving graphiql_version = '0.10.2', I get the history button.

simonclouds avatar Jan 17 '18 12:01 simonclouds

From a security perspective I think it would be good to include Subresource Integrity/SRI in the tags. An example of the risk that SRI helps prevent is JS crypto-miners among other attacks where the CDN and/or publisher has been compromised; https://www.wordfence.com/blog/2018/02/cryptomining-javascript-supply-chain-attack/

As a result I think it's probably easier to maintain through copy-pasting the whole tag rather than templating the version. cdnjs as an example provides a "link with SRI" copy facility for most assets.

nfisher avatar Feb 16 '18 22:02 nfisher
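
The Subresource Integrity suggestion in the last comment, as an added example that is not part of the thread or of flask-graphql's code: it computes the `integrity` value for an exact version, renders the pinned tag, and checks a fetched copy against it at build time. The URL template, the function names and the sample bytes are assumptions made for illustration; a floating version such as `latest` is rejected because its content can change under the same URL, so no fixed digest can cover it.

```python
import base64
import hashlib
import html
import re

PINNED = re.compile(r"\d+\.\d+\.\d+")  # exact versions only, never "latest"
STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}
# Assumed URL layout for illustration; copy the real one from the CDN.
CDN_TEMPLATE = "https://cdn.jsdelivr.net/npm/graphiql@{version}/graphiql.min.js"
# Constructed stand-ins for the published file and a modified copy of it.
ORIGINAL = b"/* constructed stand-in for graphiql.min.js */ window.GraphiQL = {};"
TAMPERED = ORIGINAL + b" /* constructed extra bytes */"


def sri_digest(content: bytes, alg: str = "sha384") -> str:
    """Return an SRI value of the form '<alg>-<base64 digest>'."""
    if alg not in STRENGTH:
        raise ValueError("SRI allows only sha256, sha384 and sha512")
    digest = hashlib.new(alg, content).digest()
    return alg + "-" + base64.b64encode(digest).decode("ascii")


def script_tag(version: str, content: bytes, template: str = CDN_TEMPLATE) -> str:
    """Render a <script> tag pinned to one version and one digest."""
    if not PINNED.fullmatch(version):
        raise ValueError(f"refusing unpinned version {version!r}")
    url = html.escape(template.format(version=version), quote=True)
    return (f'<script src="{url}" integrity="{sri_digest(content)}" '
            'crossorigin="anonymous"></script>')


def integrity_ok(integrity: str, content: bytes) -> bool:
    """Build-time check: only the strongest listed algorithm counts.

    Stricter than a browser: metadata with no recognised hash fails here.
    """
    entries = [e.split("?", 1)[0] for e in integrity.split()]
    known = [e for e in entries if e.split("-", 1)[0] in STRENGTH]
    if not known:
        return False
    best = max(STRENGTH[e.split("-", 1)[0]] for e in known)
    return any(e == sri_digest(content, e.split("-", 1)[0])
               for e in known if STRENGTH[e.split("-", 1)[0]] == best)


if __name__ == "__main__":
    print(script_tag("0.11.10", ORIGINAL))
    print("original passes:", integrity_ok(sri_digest(ORIGINAL), ORIGINAL))
    print("modified passes:", integrity_ok(sri_digest(ORIGINAL), TAMPERED))
```

The `crossorigin="anonymous"` attribute matters: without a CORS-enabled fetch the browser cannot verify a cross-origin script and blocks it when `integrity` is set.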