-
-
Notifications
You must be signed in to change notification settings - Fork 7.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Broken GraphQL endpoint on last Strapi versions #19073
Comments
This needs to be determined by product if it's intended as generally it's anti-pattern and considered a bad practice to use GraphQL over GET requests. As far as I'm aware the GET route was only ever intended for use with the playground and actual queries/mutations -should always- be done over POST. |
Related discussion: graphql/graphql-over-http#123 |
Likewise specific graphql specification does not require supporting GET: https://graphql.github.io/graphql-over-http/draft/#sec-Request |
Using GraphQL over GET requests is not an anti-pattern at all. I think you confused mutations which must use POST method. GraphQL queries instead should use an idempotent verb like GET and, in order to be cached by the browser, they must use an idempotent verb like GET. POST requests can not be cached by browsers. A GraphQL server should accept GET and POST requests and should not enforce one method over the other, because it's up to the client to decide the best strategy for its use cases.
My queries are served over GET method using Cache-Control, ETag and Last-Modified headers, which make them cachable by the browser. Switching to POST request would break completely the browser caching on any browser, which is not acceptable. |
Facing the exactly same issue. I was trying to implement the
It seems weird that:
Maybe expected features of graphQL is not correctly understood by Apollo & Strapi ? |
Anyone from the Strapi team can give an update about the planned timeline for the resolution of this bug, please? cc: @Eventyret |
@Eventyret can you increase the severity from |
We can raise it to medium but we still need clarification from our product team if GET requests were ever intended to work as from what I understood they were not. We specially advise users and especially EE customers to use REST where possible if caching is important. |
Hi dear Strapi team, do we have any update about the resolution of this issue? |
GET requests are not supported in Strapi 4 and have been added in Strapi 5 |
Actually it looks like a community pr was accepted in 4.22.0 to allow this in v4, so marking as closed. |
Bug report
Required System information
Describe the bug
In last Strapi 4 versions, GraphQL queries sent over HTTP GET requests receive a
Forbidden access
error.Everything works as expected running the same queries over POST requests.
The GraphQL endpoint is
/graphql
and serves successfully POST queries/mutations and the Playground Web Interface.This is NOT a feature request, but a regression on the GET endpoint after commit 4436f59. It was working as expected until version 4.3. Upgrading to last Strapi version broke my GraphQL ecommerce and I had to rollback to previous version.
Steps to reproduce the behavior
Expected behavior
I should receive the GraphQL data as response.
Actual behavior
I receive the error:
Additional context
The issue is related to this portion of code that skips the authentication logic.
strapi/packages/plugins/graphql/server/bootstrap.js
Line 110 in dc96169
Removing this block of code, the GET requests work as expected and the Playground is still reachable on the same endpoint.
The text was updated successfully, but these errors were encountered: