You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Strapi 4, GraphQL queries sent over HTTP GET requests receive a Forbidden access error. Everything works as expected running the same queries over POST requests.
The GraphQL endpoint is /graphql and serves successfully POST queries/mutations and the Playground Web Interface.
First thank you for reporting this feature need.
To manage feature requests and the Strapi roadmap, we are using Canny.
You will be able to access the Public Roadmap here: https://feedback.strapi.io.
In your message, please mention the URL of this thread in case some messages are posted there. But the most important is to have your feedback posted on our feedback/roadmap site.
The product team is reading EVERY comment, that really helps us to develop the project in the right direction. We are keeping all feature requests and project insights in one place, our feedback website.
In order to keep our GitHub issues clean and for valid bug reports this issue will be marked as closed, but please feel free to continue the discussion with other community members here.
Bug report
Required System information
Describe the bug
In Strapi 4, GraphQL queries sent over HTTP GET requests receive a
Forbidden access
error.Everything works as expected running the same queries over POST requests.
The GraphQL endpoint is
/graphql
and serves successfully POST queries/mutations and the Playground Web Interface.Steps to reproduce the behavior
Expected behavior
I should receive the GraphQL data as response.
Actual behavior
I receive the error:
Additional context
The issue is related to this portion of code that skips the authentication logic.
strapi/packages/plugins/graphql/server/bootstrap.js
Line 110 in dc96169
Removing this block of code, the GET requests work as expected and the Playground is still reachable on the same endpoint.
The text was updated successfully, but these errors were encountered: