Comments (6)
We can look at adding this feature. (Specifically, that the response status code is dependent not only on the response but the selected content type.) It would likely have to be in the next major version since it probably requires a redesign of some of the protected methods of the middleware. I think ultimately we want to determine the response content type earlier in the middleware logic to allow for adjusting behavior throughout the pipeline, for example to support subscriptions over SSE.
from server.
The latest 7.2.0 follows the draft GraphQL over HTTP spec, which returns application/graphql-response+json
and returns 400 in the case of a validation error.
If the GraphQL response does not contain the {data} entry then the server MUST reply with a 4xx or 5xx status code as appropriate.
Both the response content type and status code response are configurable.
See the ValidationErrorsReturnBadRequest
option and the DefaultResponseContentType
properties of the options. For example:
app.UseGraphQL("/graphql", options =>
{
options.DefaultResponseContentType = MediaTypeHeaderValueMs.Parse("application/json");
options.ValidationErrorsReturnBadRequest = false;
});
Note that if the HTTP Accept
header is provided to the request, the response will attempt to use a matching content type -- but the selection of the response content type does not alter the response status code. So in the default configuration, 400 errors may be returned with the application/json
content type if the application/json
content type was requested via the Accept
header.
from server.
@gao-artur You provided irrelevant parts of the spec. The problem is not about intermediary servers or content type. The problem is the data itself. @Shane32 pointed in the right direction. Since v7 server returns 4xx if data entry is empty, i.e. execution was not started at all, that means some validation error or any other arbitrary server-side error occurred BEFORE actual execution of GraphQL query.
from server.
@sungam3r You may wish to read this section again https://github.com/graphql/graphql-over-http/blob/main/spec/GraphQLOverHTTP.md#applicationjson
@gao-artur is correct that 400 is "strongly discouraged" for well-formed GraphQL responses with the "application/json" content type.
This section only applies when the response body is to use the application/json media type.
The server SHOULD use the 200 status code, independent of any GraphQL request error or GraphQL field error raised.
We are catering to the application/graphql-response+json
content type and although we vary the response content type based on the Accept header, we do not have code that sets the status code based on which response content type was selected.
from server.
OK, too many combinations to remember.
from server.
Thanks, this explains the observed behavior and provided configuration indeed solves my issue. But I think this should be the default behavior for application/json
as the other one is discouraged
from server.
Related Issues (20)
- Using Altair UI while not connected to the internet HOT 3
- How to use plugins in Altair? HOT 6
- Duende Identity Server 4 / GraphQl Authorize - Always error 403 HOT 16
- Missing classes while upgrading to GraphQL.Server.All from GraphQL.Server.* libraries HOT 11
- Disable ReadFormOnPost by default
- Consider adding CSRF protection for GET requests
- Content Security Policy and CDN Scripts HOT 7
- I'm attempting to implement a dual authentication scheme and I'm wondering whether it's feasible. If it is possible, could you assist me by pointing out any mistakes I might be making? HOT 13
- Invalid HTML HOT 2
- [Feature] Add proper support of Accept HTTP header HOT 2
- Root Query Issue HOT 4
- Return 406 on unsupported Accept header
- Come up with something for comments about Accept header
- Question: Extensibility to use other transport protocol? HOT 5
- Question about upgrading from 6xx to 7xx: VoyagerOptions HOT 4
- Subscriptions set-up netcore 6.0, GraphQL 7.1.1 HOT 6
- Is there a way to change the status code of the authorization extension from 400 to 401? HOT 10
- Validation rules and Policies errors after update to v7 HOT 11
- .net core 7 AddAuthorizationRule not work HOT 29
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from server.