Disable form post by default by Shane32 · Pull Request #1139 · graphql-dotnet/server
Navigation Menu
{{ message }}
graphql-dotnet / server Public
- Notifications You must be signed in to change notification settings
- Fork 165
Merged
Conversation
Copy link
Member
Shane32
commented
Aug 4, 2024
Shane32
commented
Form post requests are not recommended, mostly due to CSRF concerns. Also the draft GraphQL-over-HTTP specification does not define the format of such a request. Since v7 we have stated that form post requests would be disabled by default in future versions. This PR disables form post requests by default.
Shane32 added 2 commits
August 4, 2024 01:02
Shane32
added this to the
8.0 milestone
Shane32
self-assigned this
Shane32
requested a review
from gao-artur
gao-artur approved these changes Aug 4, 2024
Shane32
merged commit
c48d21a
into
develop
Shane32
deleted the
disable_form_post
branch
dependabot
bot
mentioned this pull request
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants