-
Notifications
You must be signed in to change notification settings - Fork 565
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not GraphQL over http spec compliant for failure to coerce variables #3178
Comments
Hi! It appears that your reproduction sandbox doesn't exists. But I can suppose what is the problem here. This behavior only applies to spec compliant requests, which have an The yoga server tested against the I'm closing this, but if you still think something is wrong, don't hesitate to comment or reopen with an update reproduction case :-) |
How frustrating - took ages to create the sandbox. Leaving that aside, have you read the discussion I linked to graphql/graphql-over-http#288. The basic point is that yoga implements 400 for variables that don't validate against a GraphQL document, whereas the spec writers are quite clear that the 400 is meant only for scenarios where the variables provided do not comply with the general GraphQL spec of what variables can be (e.g. must be an object, not an array). Perhaps the graphql-http test suite has a mistake in it. I will raise your point with them. |
Actually reading more about it, the graphql-http project have not actually implemented a test suite to validate against (they have only described it), so perhaps there is a mistake in the implementation of the test suite you reference. |
The test suite can be found here: https://graphql-http.com/; and here's the report for graphql-yoga: https://github.com/graphql/graphql-http/tree/main/implementations/graphql-yoga The keyword here is |
@wheresrhys this is not the case. Maybe you're mixing Both of these audits pass when using the graphql-http test suite.
Also, Yoga implements the full graphql-http audit test suite as a part of its own tests. We make sure it's passing on each commit. |
Describe the bug
You appear to have implemented the behaviour for invalid parameters for the variable coercion failure case i.e. you are responding with a 400 when it should be a 200.
Your Example Website or App
https://codesandbox.io/p/sandbox/magical-kirch-5z4z8c
Steps to Reproduce the Bug or Issue
See code sandbox link above
Expected behavior
Expected a 200 but received 400
Screenshots or Videos
No response
Platform
graphql-yoga
: 5.0.1Additional context
Discussion on spec here See discussion here graphql/graphql-over-http#288
The text was updated successfully, but these errors were encountered: