From 30e1a31953cdf47fd784cdd4da0fdcf09e6685c2 Mon Sep 17 00:00:00 2001 From: Christer van der Meeren Date: Wed, 14 Feb 2024 07:02:50 +0100 Subject: [PATCH 1/2] Clarify middleware splitting vs. endpoints --- website/src/docs/hotchocolate/v12/security/authorization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/src/docs/hotchocolate/v12/security/authorization.md b/website/src/docs/hotchocolate/v12/security/authorization.md index 700be9ba944..71cb46255dc 100644 --- a/website/src/docs/hotchocolate/v12/security/authorization.md +++ b/website/src/docs/hotchocolate/v12/security/authorization.md @@ -362,7 +362,7 @@ public class Startup This method also accepts [roles](#roles) and [policies](#policies) as arguments, similar to the `Authorize` attribute / methods. -> Warning: Unlike the `@authorize directive` this will return status code 401 and prevent unauthorized access to all middleware included in `MapGraphQL`. This includes our GraphQL IDE Banana Cake Pop. If we do not want to block unauthorized access to Banana Cake Pop, we can split up the `MapGraphQL` middleware and for example only apply the `RequireAuthorization` to the `MapGraphQLHttp` middleware. +> Warning: Unlike the `@authorize directive` this will return status code 401 and prevent unauthorized access to all middleware included in `MapGraphQL`. This includes our GraphQL IDE Banana Cake Pop. If we do not want to block unauthorized access to Banana Cake Pop, we can split up the `MapGraphQL` middleware and for example only apply the `RequireAuthorization` to the `MapGraphQLHttp` middleware. Note however that when splitting up the middleware in this way, it is not possible to map the them to the same endpoint like `MapGraphQL` does. [Learn more about available middleware](/docs/hotchocolate/v12/server/endpoints) From 42f0edf3d8d2df328620c15e6759c25a8f03b882 Mon Sep 17 00:00:00 2001 From: Christer van der Meeren Date: Thu, 15 Feb 2024 19:26:21 +0100 Subject: [PATCH 2/2] Update website/src/docs/hotchocolate/v12/security/authorization.md Co-authored-by: Glen --- website/src/docs/hotchocolate/v12/security/authorization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/src/docs/hotchocolate/v12/security/authorization.md b/website/src/docs/hotchocolate/v12/security/authorization.md index 71cb46255dc..49fb962be43 100644 --- a/website/src/docs/hotchocolate/v12/security/authorization.md +++ b/website/src/docs/hotchocolate/v12/security/authorization.md @@ -362,7 +362,7 @@ public class Startup This method also accepts [roles](#roles) and [policies](#policies) as arguments, similar to the `Authorize` attribute / methods. -> Warning: Unlike the `@authorize directive` this will return status code 401 and prevent unauthorized access to all middleware included in `MapGraphQL`. This includes our GraphQL IDE Banana Cake Pop. If we do not want to block unauthorized access to Banana Cake Pop, we can split up the `MapGraphQL` middleware and for example only apply the `RequireAuthorization` to the `MapGraphQLHttp` middleware. Note however that when splitting up the middleware in this way, it is not possible to map the them to the same endpoint like `MapGraphQL` does. +> Warning: Unlike the `@authorize directive` this will return status code 401 and prevent unauthorized access to all middleware included in `MapGraphQL`. This includes our GraphQL IDE Banana Cake Pop. If we do not want to block unauthorized access to Banana Cake Pop, we can split up the `MapGraphQL` middleware and for example only apply the `RequireAuthorization` to the `MapGraphQLHttp` middleware. Note however that when splitting up the middleware in this way, it is not possible to map them to the same endpoint like `MapGraphQL` does. [Learn more about available middleware](/docs/hotchocolate/v12/server/endpoints)