diff --git a/implementations/apollo-server/README.md b/implementations/apollo-server/README.md
index 18d35d0a..314789fa 100644
--- a/implementations/apollo-server/README.md
+++ b/implementations/apollo-server/README.md
@@ -4,8 +4,8 @@

Passing

@@ -13,6 +13,7 @@
  • 22EB SHOULD accept application/graphql-response+json and match the content-type
  • 4655 MUST accept application/json and match the content-type
  • 47DE SHOULD accept */* and use application/json for the content-type
  • +
  • 80D8 SHOULD assume application/json content-type when accept is missing
  • 82A3 MUST use utf-8 encoding when responding
  • BF61 MUST accept utf-8 encoded request
  • 78D5 MUST assume utf-8 in request if encoding is unspecified
  • @@ -45,44 +46,6 @@

    Warnings

    The server SHOULD support these, but is not required.
      -
    1. 80D8 SHOULD assume application/json content-type when accept is missing -
      -Response status code is not 200 -
      {
      -  "statusText": "Bad Request",
      -  "status": 400,
      -  "headers": {
      -    "x-powered-by": "Express",
      -    "etag": "W/\"5b5-gDRXf8j0lbjWbmQpeY60iENT2cI\"",
      -    "date": "",
      -    "content-type": "application/json; charset=utf-8",
      -    "content-length": "1461",
      -    "connection": "close",
      -    "access-control-allow-origin": "*"
      -  },
      -  "body": {
      -    "errors": [
      -      {
      -        "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
      -        "extensions": {
      -          "stacktrace": [
      -            "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
      -            "",
      -            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
      -            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
      -            "    at preventCsrf (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)",
      -            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:478:17)",
      -            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
      -          ],
      -          "code": "BAD_REQUEST"
      -        }
      -      }
      -    ]
      -  }
      -}
      -
      -
      -
    2. 5A70 MAY accept application/x-www-form-urlencoded formatted GET requests
      Response status code is not 200
diff --git a/implementations/apollo-server/report.json b/implementations/apollo-server/report.json
index abad12fe..aee301d1 100644
--- a/implementations/apollo-server/report.json
+++ b/implementations/apollo-server/report.json
@@ -1,6 +1,6 @@
 {
 "total": 37,
- "ok": 30,
- "warn": 7,
+ "ok": 31,
+ "warn": 6,
 "error": 0
 }
diff --git a/implementations/postgraphile/README.md b/implementations/postgraphile/README.md
index 3d6019c3..2ee927a2 100644
--- a/implementations/postgraphile/README.md
+++ b/implementations/postgraphile/README.md
@@ -4,14 +4,15 @@
      • 37 audits in total
      • -
      • 29 pass
      • -
      • ⚠️ 8 warnings (optional)
      • +
      • 30 pass
      • +
      • ⚠️ 7 warnings (optional)

      Passing

      1. 4655 MUST accept application/json and match the content-type
      2. 47DE SHOULD accept */* and use application/json for the content-type
      3. +
      4. 80D8 SHOULD assume application/json content-type when accept is missing
      5. 82A3 MUST use utf-8 encoding when responding
      6. BF61 MUST accept utf-8 encoded request
      7. 78D5 MUST assume utf-8 in request if encoding is unspecified
      8. @@ -65,30 +66,6 @@ The server SHOULD support these, but is not required.
    3. -
    4. 80D8 SHOULD assume application/json content-type when accept is missing -
      -Response status code is not 200 -
      {
      -  "statusText": "Method Not Allowed",
      -  "status": 405,
      -  "headers": {
      -    "date": "",
      -    "content-type": "application/json; charset=utf-8",
      -    "content-length": "60",
      -    "connection": "close",
      -    "allow": "POST, OPTIONS"
      -  },
      -  "body": {
      -    "errors": [
      -      {
      -        "message": "Only `POST` requests are allowed."
      -      }
      -    ]
      -  }
      -}
      -
      -
      -
    5. 5A70 MAY accept application/x-www-form-urlencoded formatted GET requests
      Response status code is not 200
diff --git a/implementations/postgraphile/report.json b/implementations/postgraphile/report.json
index a86feca8..abad12fe 100644
--- a/implementations/postgraphile/report.json
+++ b/implementations/postgraphile/report.json
@@ -1,6 +1,6 @@
 {
 "total": 37,
- "ok": 29,
- "warn": 8,
+ "ok": 30,
+ "warn": 7,
 "error": 0
 }
diff --git a/src/audits/server.ts b/src/audits/server.ts
index 239be3fe..c164b5f8 100644
--- a/src/audits/server.ts
+++ b/src/audits/server.ts
@@ -94,10 +94,14 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
 '80D8',
 'SHOULD assume application/json content-type when accept is missing',
 async () => {
- const url = new URL(await getUrl(opts.url));
- url.searchParams.set('query', '{ __typename }');
+ const res = await fetchFn(await getUrl(opts.url), {
+ method: 'POST',
+ headers: {
+ 'content-type': 'application/json',
+ },
+ body: JSON.stringify({ query: '{ __typename }' }),
+ });
- const res = await fetchFn(url.toString());
 ressert(res).status.toBe(200);
 ressert(res).header('content-type').toContain('application/json');
 },
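Review bot: The new request in the server.ts hunk deliberately omits an `accept` header, which is the condition 80D8 is meant to exercise, but whether the server really sees a missing header depends on `fetchFn`, whose implementation is not in the hunk — some fetch implementations inject `accept: */*` when none is supplied, in which case this audit would become a second copy of 47DE rather than a check of the server's default. Worth confirming against the `fetchFn` in use and recording the intent on the `headers` object so nobody adds an `accept` back: `// no 'accept' header on purpose: 80D8 checks the server's default content-type; verify fetchFn does not inject one`. The switch from a GET with a `query` search parameter to a POST with an explicit `content-type` also deserves a one-line comment, since the README hunks show it is what moved 80D8 out of the warnings for the Apollo CSRF-prevention and postgraphile POST-only responses, and a reader of server.ts alone cannot see that. The enclosing `serverAudits` function begins and ends outside the hunk.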