Server-side of graphql-http is just a handler purely implementing the GraphQL over HTTP spec (see disclaimer in readme). All other additions that go out of the GraphQL transport scope are to be implemented user-land - exactly why graphql-http is a handler, and not a server. Anti-CSRF systems, CORS, encrypted cookies and token management are not something the core of this library intends to tackle.
-
Hi,
graphql-http seems to be vulnerable to CSRF attacks.
Is it planned to implement an anti-CSRF system, like token management on GraphQL endpoints?
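The reply in this thread leaves CSRF protection to user-land code placed around the handler. As an added example (not part of the discussion and not graphql-http code), here is one way to wrap any Node `(req, res)` handler; `csrfRejection`, `withCsrfGuard`, the `x-csrf-guard` header and the allowed origin are assumptions made for illustration:

```javascript
// Added example: a CSRF guard for any Node-style (req, res) handler.
// All names and values here are illustrative assumptions, not graphql-http API.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']); // constructed value
const PREFLIGHT_HEADER = 'x-csrf-guard'; // hypothetical custom header name

// Returns null when the request may proceed, otherwise a short rejection reason.
function csrfRejection(req) {
  const headers = req.headers; // Node lower-cases incoming header names
  const method = (req.method || '').toUpperCase();

  // Browsers attach Origin to cross-site POSTs and CORS requests.
  // Any Origin outside the allowlist (including the literal "null") is refused.
  if (headers.origin !== undefined && !ALLOWED_ORIGINS.has(headers.origin)) {
    return 'origin not allowed';
  }
  if (method === 'POST') {
    // An HTML form can only send urlencoded, multipart or text/plain bodies.
    // Requiring application/json forces a CORS preflight for cross-site scripts.
    const mediaType = (headers['content-type'] || '').split(';')[0].trim().toLowerCase();
    if (mediaType !== 'application/json') return 'POST body must be application/json';
  } else if (method === 'GET') {
    // GET has no body or content type, so a custom header is what makes the
    // request non-simple; <img>, <a> and form navigations cannot set it.
    if (headers[PREFLIGHT_HEADER] === undefined) return 'missing ' + PREFLIGHT_HEADER;
  }
  return null;
}

// Wraps a handler so that rejected requests never reach it.
function withCsrfGuard(handler) {
  return (req, res) => {
    const reason = csrfRejection(req);
    if (reason === null) return handler(req, res);
    res.writeHead(403, { 'content-type': 'application/json' });
    res.end(JSON.stringify({ errors: [{ message: 'CSRF check failed: ' + reason }] }));
  };
}
```

The content-type and custom-header requirements only help if the CORS layer in front of the handler refuses preflights from origins outside the same allowlist.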