-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does the HTTP server return valid 403 responses for disallowed queries? #266
Labels
Comments
It should be returning the expected response, but I can't point at a test to assert this fact, so I will leave this open until this changes. |
rhyslbw
changed the title
cardano-graphql is returning
Does the HTTP server return valid 403 responses for disallowed queries?
Jul 31, 2020
500
errors to nginx
for disallowed queries.
Ok, looks like it's not. Will fix |
I've just confirmed that running a bad request directly against the cardano-graphql service running on the cardano-testnet returns 500 instead of the expected 40x error code:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Environment
IOHK mainnet
Platform
Steps to reproduce the bug
Graphql only allows specific queries, otherwise nginx returns 5XX on disallowed queries... It would be nice to find a way to configure things so disallowed graphql queries return 400 unauthorized rather than 5XX, because we are getting alerts across most environments because of disallowed queries to graphql returning 5XX. There are no alerts triggered if the response is 400, and we really don't care to know that people are querying disallowed graphql endpoints anyway.
What is the expected behaviour?
A 403 or similar response.
The text was updated successfully, but these errors were encountered: