-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle GET request query parameters. #429
Handle GET request query parameters. #429
Conversation
This commit adds plugin utilities that will allow users to craft Request and Responses, and MockServices so they will be able to test their Layers and Plugins in isolation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small thing to add a reference to the documentation on '+' treatment.
apollo-router-core/src/request.rs
Outdated
@@ -46,6 +46,34 @@ where | |||
} | |||
|
|||
impl Request { | |||
pub fn from_urlencoded_query(url_encoded_query: String) -> Result<Request, serde_json::Error> { | |||
// decode percent encoded string | |||
// from the docs `Unencoded `+` is preserved literally, and _not_ changed to a space.`, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which docs? Specify a reference here please.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also probably could do with a larger comment here with background on the problem.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we currently have a way to forbid mutation
s from happening over GET
? Mutations should not be allowed over GET
. (And we should return HTTP 405 Method Not Allowed.)
Marking as requested changes, mostly just because it's important. (Haven't reviewed the rest!)
it somehow looks like i can't comment on the thread anymore, I've adressed the comment related issue in 1e4dc1a |
is forbidding mutations due to CSRF (cf https://blog.doyensec.com/2021/05/20/graphql-csrf.html )? |
This commit allows us to parse --data-urlencoded get parameters, to handle a graphql request.
…eived get parameter data
1e4dc1a
to
84f5056
Compare
@abernix getting there! Just need to make sure the response body matches our expectations (or the gateways) |
That definitely comes into play though I don't think that this alone would be sufficient to tick that box since At the core of it for me is that |
… a graphql error now though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved with one suggestion.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. I think adding Default
to Request
seems useful, but let me know if you disagree.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work!
We can use this changelog in the future! Ref: #429
This removes `Request::from_bytes()` from the public API. We were no longer using it and we don't expect anyone external to have been relying on it. This was discovered this function during an exercise of documenting our entire public API. We considered keeping it briefly, but it doesn't necessarily meet our requirements for shipping it in the public API. It's internal usage was removed in [`d147f97d`](d147f97d as part of [PR #429](#429). We can consider re-introducing this in the future (it even has a matching `Response::from_bytes()` which it composes against nicely!), but it seemed worth remove it for the time-being until the use-cases are here. (We can already see the use-cases, but we want to actually design them first.) Closes #1855
This removes `Request::from_bytes()` from the public API. We were no longer using it and we don't expect anyone external to have been relying on it. This was discovered this function during an exercise of documenting our entire public API. We considered keeping it briefly, but it doesn't necessarily meet our requirements for shipping it in the public API. It's internal usage was removed in [`d147f97d`](d147f97d) as part of [PR #429](#429). We can consider re-introducing this in the future (it even has a matching `Response::from_bytes()` which it composes against nicely!), but it seemed worth remove it for the time-being until the use-cases are here. (We can already see the use-cases, but we want to actually design them first.) Closes #1855
This commit allows us to parse --data-urlencoded get parameters, to handle a graphql request.