We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
First, thank you for the hard work to make such a great library :kudos
So I see from the example and found that mutation can be requested using GET method:
GET
https://github.com/graphql-go/graphql/blob/f02a1c961028d3ba7ac6bb22eaa09b31a2cb53dd/examples/crud/main.go#L136-L139
and look like that is by design. See line 68 below tries to get the query from query string. And I can't find a way to disable the GET method.
handler/handler.go
Lines 67 to 78 in f96ffdd
Because I am concerned that this is open for CSRF attack when you use Cookie authentication. Or am I missing something?
FYI: Apollo itself doesn't allow mutation request via GET method.
The text was updated successfully, but these errors were encountered:
No branches or pull requests
First, thank you for the hard work to make such a great library :kudos
So I see from the example and found that mutation can be requested using
GET
method:https://github.com/graphql-go/graphql/blob/f02a1c961028d3ba7ac6bb22eaa09b31a2cb53dd/examples/crud/main.go#L136-L139
and look like that is by design. See line 68 below tries to get the query from query string. And I can't find a way to disable the
GET
method.handler/handler.go
Lines 67 to 78 in f96ffdd
Because I am concerned that this is open for CSRF attack when you use Cookie authentication. Or am I missing something?
FYI: Apollo itself doesn't allow mutation request via GET method.
The text was updated successfully, but these errors were encountered: