graphql-over-http icon indicating copy to clipboard operation
graphql-over-http copied to clipboard

Published 20 hours ago verified publisher icon graphql

Consider integrating or referencing GraphQL multipart spec

Open mike-marcacci opened this issue 5 years ago • 3 comments

When it comes to sending large scalars over HTTP, @jaydenseric's graphql multipart spec is the de facto standard at this point, being supported by many languages and tools, including Apollo's ecosystem.

There is probably value to either integrating or referencing his spec here.

mike-marcacci avatar Nov 07 '19 17:11 mike-marcacci

Worth noting that this spec is now widely adopted in popular GraphQL servers and became standard on its own. OData specification which is very close to the HTTP protocol have similar concepts for binary formats.

wtrocki avatar Apr 29 '20 08:04 wtrocki

If we are looking at integrating graphql multipart spec into graphql over http I'd recommend we rework the implementation. The current spec is very specific to a JS Server Middleware and other languages have to work around these constraints when implementing it.

dylanowen avatar Aug 01 '22 21:08 dylanowen

I would not recommend adding this to the spec, but if we do, it should only be done in a way that discourages users from accidentally exposing themselves to CSRF errors; naive usage of this multipart spec generally adds CSRF mutations to cookie-using servers that are otherwise protected against them. I'd recommend reading my proposed security addition to the multipart spec as part of considering this: https://github.com/jaydenseric/graphql-multipart-request-spec/pull/64

glasser avatar Apr 12 '23 08:04 glasser