-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ability to disable file uploads with Starlette integration #417
Labels
Comments
mcho421
changed the title
Ability to disable file uploads
Ability to disable file uploads with Starlette integration
Aug 29, 2020
rafalp
added
the
decision needed
Sounds like good idea, but will need closer scrutiny for final decision.
label
Nov 2, 2022
We could have |
rafalp
added
roadmap
Feature that we want to have included
and removed
decision needed
Sounds like good idea, but will need closer scrutiny for final decision.
labels
Jul 21, 2023
TMuszczekk
added
to do
and removed
roadmap
Feature that we want to have included
labels
Mar 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Would it be possible to have an option to disable file uploads with the Starlette integration (regardless of whether python-multipart is installed or not)?
I was reading https://ariadnegraphql.org/docs/other-integrations and was wondering whether it safe to allow GraphQL requests with a content type of
multipart/form-data
, since it mentions that onlyapplication/json
should be allowed.For example, if you have
pip install python-multipart
installed, and Starlette applicationmain.py
like:You could be tricked to click a button defined like this on a different website which could cause an unintended state change:
The text was updated successfully, but these errors were encountered: