graphql-multipart-request-spec
fetch
graphql-multipart-request-spec | fetch | |
---|---|---|
11 | 35 | |
981 | 2,078 | |
- | 0.5% | |
1.5 | 5.9 | |
about 1 month ago | 3 days ago | |
HTML | ||
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
graphql-multipart-request-spec
-
How can I upload a file in the GraphQL PLayground?
The GraphQL specification itself doesn't natively support file uploads, so the solution typically involves using extensions or additional libraries. The easiest and most straightforward way is by converting the file to Base64 before sending it to the server, you can include it as a string in the GraphQL request. This offcourse has a downside, it can increase the payload size, so it may not be the most efficient solution for large files. Other options that involve using extensions or additional libraries are using GraphQL multipart request specification and Apollo Server with Apollo Upload Client
-
GraphQL - From Excitement to Deception
Also, we manage to upload files via GraphQL just fine. Turns out nothing prevents you from putting a GraphQL query in a multipart form. Frameworks support this just fine, and if not, just write your own middleware, it's not even that hard.
-
Is it possible to pass CSV data to a mutation as an input parameter?
There is a specification (and implementation) for sending files through GraphQL. https://github.com/jaydenseric/graphql-multipart-request-spec
-
Forging GraphQL Bombs, the 2022 version of Zip Bombs
We figured out that it was possible to reference a file several times by implementing the reference spec (https://github.com/jaydenseric/graphql-multipart-request-spec) for both a client and a server. We have no record of this vulnerability used in the wild, but we know for sure that a lot of popular projects on GitHub are vulnerable.
The GraphQL multipart specification describes how to implement file uploads in GraphQL. While usual GraphQL queries are sent as application/json, file uploads are sent as multipart/form-data. This means that the HTTP request body has multiple parts, and their functions, described in the specification, can be summarized as follows:
-
How to set file data in GraphQL variables?
Hey, graphql-upload works on top of the graphql-multipart-request-spec, of which you can find the specification here.
-
How to Upload a file to GraphQL with VanillaJS
In this article you will learn the widely accepted method of implementing file upload which is becoming increasingly popular in new apps. The technique follows the specification by @jaydenseric.
-
Announcing GraphQL Yoga 2.0!
GraphQL-Multipart-Request: enables great file upload support.
-
GraphQL Tools V8 - Stitch Federation Services
Multipart File Uploads ✔️
-
The Stack #3
One important thing which GraphQL Spec did not discuss about is a way to transmit files over the wire when using GraphQL. This is where GraphQL Upload comes in. While not an official spec from GraphQL foundation, Jayden had done a great job to put together a multi part spec to address exactly this problem.
fetch
- JavaScript fetch does not support GET request with body
-
GitHub Engineering: When MTLS Is Done Wrong
mTLS has warts when used cross-origin. Fetch spec says that pre-flight requests mustn't include client certificates[1], so as a consequence servers behind mTLS authenticated proxy won't get a chance to reply to those pre-flight. Yet for non-preflighted requests it's fine to include client certificates..
[1] https://fetch.spec.whatwg.org/#cors-protocol-and-credentials
-
Node.js fetch() vs. Deno fetch(): Implementation details...
I've been testing full duplex streaming from and to the browser using fetch() in a Native Messaging host. (No browser currently support full duplex streaming even though HTTP/2 does, see Fetch body streams are not full duplex #1254).
-
How do I detect requests initiated by the new fetch standard? How should I detect an AJAX request in general?
Most js libraries use XMLHttpRequest and so provide HTTP_X_REQUESTED_WITH: XMLHttpRequest, but neither Chrome's implementation nor Github's polyfill of the new fetch uses a similar header. So how can one detect that the request is AJAX?
-
Server Sent Events
Any resource of significance should be given a URI. https://www.w3.org/DesignIssues/Axioms.html#uri
Or alternatively,
> Cool URLs don't change (implicitly, cool things have URLs, see above). https://www.w3.org/Provider/Style/URI
The advantage would be so high. It'd become a standard way to assert a resource, to make known a fact, that would be viable across systems. Instead of pushing to a chat app an anonymous chat message in a room, the server could assert a /room/42/msg/c0f3 resource, could identify universally what it is it's sending.
We have come glancingly close to getting such a thing so many times. The HyBi mailing list that begat websockets had a number of alternate more resourceful ideas floating around such as a BEEP protocol that allowed patterns beyond request/response of resources. The browser actually implements an internal protocol that uses HTTP2/push to send resourceful messages... Even though http2/push was de-implemented for webserving in general, and even though ability to hear push events was never implemented (oft requested).
The best we have today is to stream json-ls events, which have an @id property identifying them. But developers would have to snoop these events, and store them in a service worker, to make them actually accessible as http resources.
I continue to hold hope eventually we'll get better at using urls to send data, to assert new things happening... But it's been nearly 30 years of me hoping, and with some fleeting exceptions the browser teams have seemed disinterested in making urls cool, in spite of a number of requests. https://github.com/whatwg/fetch/issues/65 was an old request. https://github.com/whatwg/fetch/issues/607 had some steam in making it happen.
-
[Express] - How to have a self-updating display in browser window? Template Engines sufficient? Or use Vue/Angular/React?]
Fetch
-
Adding timeout and multiple abort signals to fetch() (TypeScript/React)
Proposal: fetch with multiple AbortSignals - I got the idea of merging multiple signals from here.
-
My experience being blocked by Google Safe Browsing
Port 10080 is blocked on most browsers[0] per the WhatWG "bad ports" list[1]. That particular port was added to the list due to the Slipstream attack[2] that made the news a few years ago[3].
You don't have to switch to a browser that ignores standard security mitigations. Just pick a different port for your service.
[0] I just tested Chrome, Firefox, and Safari.
[1] https://fetch.spec.whatwg.org/#bad-port
[2] https://samy.pl/slipstream/
[3] https://news.ycombinator.com/item?id=24955891
-
Substack is now powered by Ghost
Note that caching resources across sites isn't really a thing anymore. See https://github.com/whatwg/fetch/issues/904
- Help with HTTP requests
What are some alternatives?
graphql-tools - :wrench: Utility library for GraphQL to build, stitch and mock GraphQL schemas in the SDL-first approach
cors-anywhere - CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.
altair - ✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.
undici - An HTTP/1.1 client, written from scratch for Node.js
apollo-server - 🌍 Spec-compliant and production ready JavaScript GraphQL server that lets you develop in a schema-first way. Built for Express, Connect, Hapi, Koa, and more.
deno - A modern runtime for JavaScript and TypeScript.
graphiql - GraphiQL & the GraphQL LSP Reference Ecosystem for building browser & IDE tools.
http-proxy - A full-featured http proxy for node.js
graphql-live-query - Realtime GraphQL Live Queries with JavaScript
cors-playground
insomnia - The open-source, cross-platform API client for GraphQL, REST, WebSockets, SSE and gRPC. With Cloud, Local and Git storage.
university-domains-list - University Domains and Names Data List & API