Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce custom header on formdata requests to protect against CSRF attack. #6188

Closed
michaelstaib opened this issue May 23, 2023 · 0 comments · Fixed by #6189
Closed

Enforce custom header on formdata requests to protect against CSRF attack. #6188

michaelstaib opened this issue May 23, 2023 · 0 comments · Fixed by #6189
Assignees
@michaelstaib
Labels
🌶️ hot chocolate security Pull requests that address a security vulnerability
Milestone
HC-13.2.0

Comments

@michaelstaib
Copy link
Member

michaelstaib commented May 23, 2023
edited
Loading

By default we should enforce an extra header on formsdata request called graphql-preflight.
jaydenseric/graphql-multipart-request-spec#64 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelstaib michaelstaib

Labels
🌶️ hot chocolate security Pull requests that address a security vulnerability
Projects
None yet
Milestone
HC-13.2.0
Development

Successfully merging a pull request may close this issue.

Enforce preflight header on multipart requests. ChilliCream/graphql-platform
1 participant
@michaelstaib