Skip to content

Latest commit

 

History

History
212 lines (207 loc) · 10.5 KB

README.md

File metadata and controls

212 lines (207 loc) · 10.5 KB

* This report was auto-generated by graphql-http

GraphQL over HTTP audit report

  • 73 audits in total
  • 32 pass
  • ⚠️ 37 warnings (optional)
  • 4 errors (required)

Passing

  1. MUST accept utf-8 encoding
  2. MUST assume utf-8 if encoding is unspecified
  3. MUST accept POST requests
  4. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
  5. MUST accept application/json POST requests
  6. MUST require a request body on POST
  7. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
  8. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
  9. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
  10. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
  11. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
  12. SHOULD allow string {query} parameter when accepting application/graphql-response+json
  13. MUST allow string {query} parameter when accepting application/json
  14. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
  15. MUST allow string {operationName} parameter when accepting application/json
  16. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
  17. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
  18. MUST allow map {variables} parameter when accepting application/json
  19. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
  20. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
  21. MUST allow map {extensions} parameter when accepting application/json
  22. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
  23. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
  24. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
  25. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
  26. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
  27. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
  28. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
  29. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
  30. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
  31. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
  32. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json

Warnings

The server SHOULD support these, but is not required.

  1. SHOULD accept application/graphql-response+json and match the content-type
Status code 400 is not 200
  1. SHOULD accept */* and use application/graphql-response+json for the content-type
Status code 400 is not 200
  1. SHOULD assume application/graphql-response+json content-type when accept is missing
Status code 400 is not 200
  1. MAY accept application/x-www-form-urlencoded formatted GET requests
Status code 400 is not 200
  1. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
Status code 400 is not 200
  1. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
Status code 400 is not 200
  1. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
Status code 400 is not 200
  1. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
Status code 400 is not 200
  1. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
Status code 400 is not 200
  1. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
Status code 400 is not 200
  1. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
Status code 400 is not 200
  1. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
Status code 200 is not 400
  1. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
Status code 400 is not 200
  1. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
  1. SHOULD use 200 status code on JSON parsing failure when accepting application/json
Status code 400 is not 200
  1. SHOULD use 200 status code if parameters are invalid when accepting application/json
Status code 400 is not 200
  1. SHOULD use 200 status code on document parsing failure when accepting application/json
Status code 400 is not 200
  1. SHOULD use 200 status code on document validation failure when accepting application/json
Status code 400 is not 200
  1. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
Response body is not valid JSON. Got "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>SyntaxError: Unexpected end of JSON input<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)<br> &nbsp; &nbsp;at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18<br> &nbsp; &nbsp;at AsyncResource.runInAsyncScope (node:async_hooks:203:9)<br> &nbsp; &nbsp;at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)<br> &nbsp; &nbsp;at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)<br> &nbsp; &nbsp;at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)<br> &nbsp; &nbsp;at IncomingMessage.emit (node:events:513:28)<br> &nbsp; &nbsp;at endReadableNT (node:internal/streams/rea...

Errors

The server MUST support these.

  1. MUST accept application/json and match the content-type
Status code 400 is not 200
  1. MUST use utf-8 encoding when responding
Status code 400 is not 200
  1. MUST NOT allow executing mutations on GET requests
Status code 400 is not 405
  1. MUST allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
Status code 400 is not 200