fix(audits/server): A server MAY support GET requests (#18)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

README.md

@@ -733,9 +733,9 @@ If you want a feature-full server with bleeding edge technologies, you're recomm
 | ------------------------------------------------------------------ | ------------------------------------------------------------------ |
 | [graphql-yoga](https://www.the-guild.dev/graphql/yoga-server)      | [✅ Fully compliant](/implementations/graphql-yoga/README.md)      |
 | [hotchocolate](https://chillicream.com/docs/hotchocolate)          | [✅ Fully compliant](/implementations/hotchocolate/README.md)      |
+| [apollo-server](https://www.apollographql.com/docs/apollo-server/) | [✅ Partially compliant](/implementations/apollo-server/README.md) |
 | [mercurius](https://mercurius.dev)                                 | [✅ Partially compliant](/implementations/mercurius/README.md)     |
-| [graphql-helix](https://www.graphql-helix.com/)                    | [✅ Partially compliant](/implementations/graphql-helix/README.md) |
-| [apollo-server](https://www.apollographql.com/docs/apollo-server/) | [⚠️ Not compliant](/implementations/apollo-server/README.md)       |
+| [graphql-helix](https://www.graphql-helix.com/)                    | [⚠️ Not compliant](/implementations/graphql-helix/README.md)       |
 
 ## [Documentation](docs/)
 

implementations/apollo-server/README.md

@@ -3,61 +3,63 @@ _* This report was auto-generated by graphql-http_
 # GraphQL over HTTP audit report
 
 - **73** audits in total
-- ✅ **32** pass
-- ⚠️ **37** warnings (optional)
-- ❌ **4** errors (required)
+- ✅ **35** pass
+- ⚠️ **38** warnings (optional)
 
 ## Passing
-1. MUST accept utf-8 encoding
-2. MUST assume utf-8 if encoding is unspecified
-3. MUST accept POST requests
-4. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
-5. MUST accept application/json POST requests
-6. MUST require a request body on POST
-7. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
-8. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
-9. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
-10. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
-11. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
-12. SHOULD allow string {query} parameter when accepting application/graphql-response+json
-13. MUST allow string {query} parameter when accepting application/json
-14. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
-15. MUST allow string {operationName} parameter when accepting application/json
-16. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
-17. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
-18. MUST allow map {variables} parameter when accepting application/json
-19. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
-20. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
-21. MUST allow map {extensions} parameter when accepting application/json
-22. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
-23. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
-24. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
-25. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
-26. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
-27. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
-28. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
-29. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
-30. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
-31. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
-32. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+1. SHOULD accept application/graphql-response+json and match the content-type
+2. MUST accept application/json and match the content-type
+3. MUST use utf-8 encoding when responding
+4. MUST accept utf-8 encoding
+5. MUST assume utf-8 if encoding is unspecified
+6. MUST accept POST requests
+7. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
+8. MUST accept application/json POST requests
+9. MUST require a request body on POST
+10. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
+11. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
+12. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
+13. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
+14. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
+15. SHOULD allow string {query} parameter when accepting application/graphql-response+json
+16. MUST allow string {query} parameter when accepting application/json
+17. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
+18. MUST allow string {operationName} parameter when accepting application/json
+19. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
+20. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
+21. MUST allow map {variables} parameter when accepting application/json
+22. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
+23. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
+24. MUST allow map {extensions} parameter when accepting application/json
+25. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
+26. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
+27. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
+28. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
+29. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
+30. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+31. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+32. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
+33. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+34. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+35. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
 
 ## Warnings
 The server _SHOULD_ support these, but is not required.
-1. SHOULD accept application/graphql-response+json and match the content-type<br />
+1. SHOULD accept \*/\* and use application/graphql-response+json for the content-type<br />
 ```
-Status code 400 is not 200
+Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json"
 ```
-2. SHOULD accept \*/\* and use application/graphql-response+json for the content-type<br />
+2. SHOULD assume application/graphql-response+json content-type when accept is missing<br />
 ```
-Status code 400 is not 200
+Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json"
 ```
-3. SHOULD assume application/graphql-response+json content-type when accept is missing<br />
+3. MAY accept application/x-www-form-urlencoded formatted GET requests<br />
 ```
 Status code 400 is not 200
 ```
-4. MAY accept application/x-www-form-urlencoded formatted GET requests<br />
+4. MAY NOT allow executing mutations on GET requests<br />
 ```
-Status code 400 is not 200
+Status code 400 is not 405
 ```
 5. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json<br />
 ```
@@ -139,74 +141,60 @@ Execution result {"data":{"__typename":"Query"}} does not have a property 'error
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-25. SHOULD allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json<br />
+25. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json<br />
+```
+Status code 400 is not 200
+```
+26. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json<br />
 ```
 Status code 400 is not 200
 ```
-26. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json<br />
+27. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json<br />
 ```
 Status code 200 is not 400
 ```
-27. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json<br />
+28. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json<br />
 ```
 Status code 200 is not 400
 ```
-28. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json<br />
+29. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json<br />
 ```
 Status code 200 is not 400
 ```
-29. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json<br />
+30. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json<br />
 ```
 Status code 400 is not 200
 ```
-30. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json<br />
+31. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json<br />
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-31. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json<br />
+32. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json<br />
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-32. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json<br />
+33. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json<br />
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-33. SHOULD use 200 status code on JSON parsing failure when accepting application/json<br />
+34. SHOULD use 200 status code on JSON parsing failure when accepting application/json<br />
 ```
 Status code 400 is not 200
 ```
-34. SHOULD use 200 status code if parameters are invalid when accepting application/json<br />
+35. SHOULD use 200 status code if parameters are invalid when accepting application/json<br />
 ```
 Status code 400 is not 200
 ```
-35. SHOULD use 200 status code on document parsing failure when accepting application/json<br />
+36. SHOULD use 200 status code on document parsing failure when accepting application/json<br />
 ```
 Status code 400 is not 200
 ```
-36. SHOULD use 200 status code on document validation failure when accepting application/json<br />
+37. SHOULD use 200 status code on document validation failure when accepting application/json<br />
 ```
 Status code 400 is not 200
 ```
-37. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json<br />
+38. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json<br />
 ```
 Response body is not valid JSON. Got "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>SyntaxError: Unexpected end of JSON input<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)<br> &nbsp; &nbsp;at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18<br> &nbsp; &nbsp;at AsyncResource.runInAsyncScope (node:async_hooks:203:9)<br> &nbsp; &nbsp;at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)<br> &nbsp; &nbsp;at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)<br> &nbsp; &nbsp;at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)<br> &nbsp; &nbsp;at IncomingMessage.emit (node:events:513:28)<br> &nbsp; &nbsp;at endReadableNT (node:internal/streams/rea...
 ```
 
-## Errors
-The server _MUST_ support these.
-1. MUST accept application/json and match the content-type<br />
-```
-Status code 400 is not 200
-```
-2. MUST use utf-8 encoding when responding<br />
-```
-Status code 400 is not 200
-```
-3. MUST NOT allow executing mutations on GET requests<br />
-```
-Status code 400 is not 405
-```
-4. MUST allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json<br />
-```
-Status code 400 is not 200
-```