`graph-node` compliance to the GraphQL over HTTP specification

[dotansimha]

As part of the work done in the GraphQL Foundation, there is an active working group for defining how to run GraphQL over HTTP. This working group was working in the past 2 years to build a specification that is intended to fill this gap by specifying how GraphQL should be served over HTTP.
The main intention of this specification is to provide interoperability between different client libraries, tools and server implementations.

You can find the latest specification here

As part of @enisdenjo's work on this working group, they created a list of requirements, and a tool to audit and generate a compliant report.

You can find the report for graph-node here: https://github.com/enisdenjo/graphql-http/blob/master/implementations/thegraph/README.md and here's a list of issues that worth fixing soon:

1. MUST accept application/json and match the content-type
   

Content-Type header "text/html" does not contain "application/json"

2. MUST use utf-8 encoding when responding
   

Body is not UTF-8 encoded

3. MUST accept only utf-8 charset
   

Content-Type text/html status code 200 is not greater than or equal to 400

4. MUST accept POST requests
   

Status code 404 is not 200

5. MUST NOT allow executing mutations on GET requests
   

Status code 200 is not 405

6. MUST accept application/json POST requests
   

Status code 404 is not 200

7. MUST require a request body on POST
   

Status code 404 is not 400

8. MUST allow string {query} parameter when accepting application/json
   

Status code 404 is not 200

9. MUST allow string {operationName} parameter when accepting application/json
   

Status code 404 is not 200

10. MUST allow map {variables} parameter when accepting application/json
    

Status code 404 is not 200

11. MUST allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
    

Response body is not valid JSON. Got "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\" />\n<title>The GraphiQL</title>\n<script src=\"/cdn-cgi/apps/head/a-7iaLT0SRdb_kvxGKIYLrjkGzU.js\"></script><style>\n      .graphiql-container,\n      .graphiql-container button,\n      .graphiql-container input {\n        color: #141823;\n        font-family: system, -apple-system, San Francisco,\n          \".SFNSDisplay-Regular\", Segoe UI, Segoe, Segoe WP, Helvetica Neue,\n          helvetica, Lucida Grande, arial, sans-serif;\n        font-size: 14px;\n      }\n      .graphiql-container {\n        display: flex;\n        flex-direction: row;\n        height: 100%;\n        margin: 0;\n        overflow: hidden;\n        width: 100%;\n      }\n      .graphiql-container .editorWrap {\n        display: flex;\n        flex-direction: column;\n        flex: 1;\n        overflow-x: hidden;\n      }\n      .graphiql-container .title {\n        font-size: 18px;\n      }\n      .graphiql-container .title em {...

12. MUST allow map {extensions} parameter when accepting application/json
    

Status code 404 is not 200

Also related:

• Add GraphQL GET support for subgraph endpoints #2851 - support for GET requests.
• GraphQL validation: "variable not defined" ignored #3393
• graph, graphql: introduce GraphQL spec-compliant validation phase and rules #3057 - at the moment some failures returns a response with Content-type: application/json but the content is "invalid ..." (just a string) which causes a major failure for GraphQL clients to parse the response. The work on enabling the spec-based GraphQL validations should fix and address most of these