1. The issue provides a reproduction available on GitHub, StackBlitz or CodeSandbox
Make sure to fork this template and run yarn generate in the terminal.
Please make sure the GraphQL Tools package versions under package.json match yours.
2. A failing test has been provided
3. A local solution has been provided
4. A pull request is pending review
Describe the bug
When using the HttpExecutor with the GET method, which is used for subscriptions over SSE, headers are leaked into the query parameters, which are captured by server logs.
This is avoidable by not using extensions to add the headers and using the standalone function headers(), but this is easily missed.
This is currently a problem in Yoga and the way it uses GraphiQL: if you initiate a subscription, it will encode any headers into the URL.
To Reproduce
Steps to reproduce the behavior:
Spin up a Yoga server, use the built-in GraphiQL to perform a subscription, and you can see the headers.
Expected behavior
Headers should not be pushed to extensions.
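
An added sketch of the leak described in this issue, not code from the issue, GraphQL Tools or Yoga: it assumes per-request headers sit under an `extensions.headers` key, builds the GET URL with and without them, and checks a logged request target for leaked header names. The function names, endpoint and token are constructed for illustration.

```javascript
// Added illustration; not code from GraphQL Tools or Yoga.
// Assumption: per-request headers are carried under extensions.headers.

// Leaky form: the whole extensions object is JSON-encoded into the URL.
function buildGetRequestLeaky(endpoint, request) {
  const url = new URL(endpoint);
  url.searchParams.set('query', request.query);
  if (request.extensions) {
    url.searchParams.set('extensions', JSON.stringify(request.extensions));
  }
  return { url: url.toString(), headers: {} };
}

// Hardened form: lift headers out of extensions before serializing, and
// send them as HTTP headers instead of in the URL.
function buildGetRequestSafe(endpoint, request) {
  const { headers = {}, ...rest } = request.extensions ?? {};
  const url = new URL(endpoint);
  url.searchParams.set('query', request.query);
  if (Object.keys(rest).length > 0) {
    url.searchParams.set('extensions', JSON.stringify(rest));
  }
  return { url: url.toString(), headers: { ...headers } };
}

// Log check: names of headers found inside the "extensions" query parameter
// of a logged request target (absolute URL or path + query).
function leakedHeaderNames(target) {
  const raw = new URL(target, 'http://log.invalid').searchParams.get('extensions');
  if (!raw) return [];
  try {
    const h = JSON.parse(raw)?.headers;
    return h && typeof h === 'object' ? Object.keys(h) : [];
  } catch {
    return []; // not JSON: nothing to report
  }
}

// Constructed sample request; the token is a placeholder.
const sample = {
  query: 'subscription { ticks }',
  extensions: { headers: { authorization: 'Bearer EXAMPLE-TOKEN' }, traceId: 'abc' },
};
const leaky = buildGetRequestLeaky('http://localhost:4000/graphql', sample);
const safe = buildGetRequestSafe('http://localhost:4000/graphql', sample);
console.log(leakedHeaderNames(leaky.url), leakedHeaderNames(safe.url));
```

Running `leakedHeaderNames` over the request targets in existing access logs shows whether credentials have already been written to disk and need rotating.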