Skip to content

Latest commit

 

History

History
1135 lines (1051 loc) · 59.6 KB

README.md

File metadata and controls

1135 lines (1051 loc) · 59.6 KB

* This report was auto-generated by graphql-http

GraphQL over HTTP audit report

  • 79 audits in total
  • 53 pass
  • ⚠️ 26 warnings (optional)

Passing

  1. SHOULD accept application/graphql-response+json and match the content-type
  2. MUST accept application/json and match the content-type
  3. SHOULD accept */* and use application/json for the content-type
  4. MUST use utf-8 encoding when responding
  5. MUST accept utf-8 encoded request
  6. MUST assume utf-8 in request if encoding is unspecified
  7. MUST accept POST requests
  8. MAY NOT allow executing mutations on GET requests
  9. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
  10. MUST accept application/json POST requests
  11. MUST require a request body on POST
  12. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
  13. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
  14. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
  15. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
  16. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
  17. SHOULD allow string {query} parameter when accepting application/graphql-response+json
  18. MUST allow string {query} parameter when accepting application/json
  19. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
  20. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
  21. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
  22. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
  23. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
  24. MUST allow string {operationName} parameter when accepting application/json
  25. SHOULD allow null {variables} parameter when accepting application/graphql-response+json
  26. MUST allow null {variables} parameter when accepting application/json
  27. SHOULD allow null {operationName} parameter when accepting application/graphql-response+json
  28. MUST allow null {operationName} parameter when accepting application/json
  29. SHOULD allow null {extensions} parameter when accepting application/graphql-response+json
  30. MUST allow null {extensions} parameter when accepting application/json
  31. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
  32. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
  33. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
  34. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
  35. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
  36. MUST allow map {variables} parameter when accepting application/json
  37. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
  38. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
  39. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
  40. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
  41. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
  42. MUST allow map {extensions} parameter when accepting application/json
  43. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
  44. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
  45. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
  46. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
  47. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
  48. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
  49. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
  50. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
  51. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
  52. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
  53. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json

Warnings

The server SHOULD support these, but is not required.

  1. SHOULD assume application/json content-type when accept is missing

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5b5-gDRXf8j0lbjWbmQpeY60iENT2cI\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1461",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
        "extensions": {
          "stacktrace": [
            "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
            "",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at preventCsrf (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:478:17)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  2. MAY accept application/x-www-form-urlencoded formatted GET requests

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5b5-gDRXf8j0lbjWbmQpeY60iENT2cI\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1461",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
        "extensions": {
          "stacktrace": [
            "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
            "",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at preventCsrf (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:478:17)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  3. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"588-sZ+sg/c+DRv3ORN3VlSdMHvZRkc\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1416",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at processGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/requestPipeline.js:68:13)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",
            "    at async internalExecuteOperation (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:585:16)",
            "    at async runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:129:29)",
            "    at async runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:16)",
            "    at async ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:20)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  4. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"478-8ij0f1w1MThNqXuYJcCeFgzpLvg\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1144",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL queries must be strings.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL queries must be strings.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at ensureQueryIsStringOrMissing (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:67:15)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:77:13)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  5. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"588-sZ+sg/c+DRv3ORN3VlSdMHvZRkc\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1416",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at processGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/requestPipeline.js:68:13)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",
            "    at async internalExecuteOperation (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:585:16)",
            "    at async runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:129:29)",
            "    at async runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:16)",
            "    at async ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:20)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  6. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"588-sZ+sg/c+DRv3ORN3VlSdMHvZRkc\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1416",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at processGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/requestPipeline.js:68:13)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",
            "    at async internalExecuteOperation (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:585:16)",
            "    at async runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:129:29)",
            "    at async runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:16)",
            "    at async ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:20)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  7. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"478-8ij0f1w1MThNqXuYJcCeFgzpLvg\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1144",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL queries must be strings.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL queries must be strings.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at ensureQueryIsStringOrMissing (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:67:15)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:77:13)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  8. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"41a-nyphxrE/ooK9c9ewfugL9Rqrh2Y\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1050",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`operationName` in a POST body must be a string if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `operationName` in a POST body must be a string if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:97:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  9. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"41a-nyphxrE/ooK9c9ewfugL9Rqrh2Y\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1050",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`operationName` in a POST body must be a string if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `operationName` in a POST body must be a string if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:97:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  10. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"41a-nyphxrE/ooK9c9ewfugL9Rqrh2Y\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1050",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`operationName` in a POST body must be a string if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `operationName` in a POST body must be a string if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:97:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  11. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"41a-nyphxrE/ooK9c9ewfugL9Rqrh2Y\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1050",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`operationName` in a POST body must be a string if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `operationName` in a POST body must be a string if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:97:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  12. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"466-OpPmHAsn4oM5zvBonndNbzxWo1s\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1126",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`variables` in a POST body should be provided as an object, not a recursively JSON-encoded string.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `variables` in a POST body should be provided as an object, not a recursively JSON-encoded string.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:79:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  13. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"414-E6rr7b7CJtPuHGippFX8oDrojxw\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1044",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`variables` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `variables` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:92:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  14. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"414-E6rr7b7CJtPuHGippFX8oDrojxw\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1044",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`variables` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `variables` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:92:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  15. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"414-E6rr7b7CJtPuHGippFX8oDrojxw\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1044",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`variables` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `variables` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:92:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  16. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5b5-gDRXf8j0lbjWbmQpeY60iENT2cI\"",
    "date": "<timestamp>",
    "content-type": "application/graphql-response+json; charset=utf-8",
    "content-length": "1461",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
        "extensions": {
          "stacktrace": [
            "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
            "",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at preventCsrf (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:478:17)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  17. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5b5-gDRXf8j0lbjWbmQpeY60iENT2cI\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1461",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
        "extensions": {
          "stacktrace": [
            "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
            "",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at preventCsrf (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:478:17)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  18. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"468-TPRc6cNxt9MLpN3l67KK+40WYlI\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1128",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`extensions` in a POST body should be provided as an object, not a recursively JSON-encoded string.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `extensions` in a POST body should be provided as an object, not a recursively JSON-encoded string.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:82:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  19. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"416-3vSw59SW7xtE8bbw+NTHlFLLef4\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1046",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`extensions` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `extensions` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:87:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  20. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"416-3vSw59SW7xtE8bbw+NTHlFLLef4\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1046",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`extensions` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `extensions` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:87:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  21. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"416-3vSw59SW7xtE8bbw+NTHlFLLef4\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1046",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`extensions` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `extensions` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:87:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  22. SHOULD use 200 status code on JSON parsing failure when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "x-content-type-options": "nosniff",
    "date": "<timestamp>",
    "content-type": "text/html; charset=utf-8",
    "content-security-policy": "default-src 'none'",
    "content-length": "1108",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>SyntaxError: Unexpected end of JSON input<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)<br> &nbsp; &nbsp;at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18<br> &nbsp; &nbsp;at AsyncResource.runInAsyncScope (node:async_hooks:204:9)<br> &nbsp; &nbsp;at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)<br> &nbsp; &nbsp;at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)<br> &nbsp; &nbsp;at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)<br> &nbsp; &nbsp;at IncomingMessage.emit (node:events:513:28)<br> &nbsp; &nbsp;at endReadableNT (node:internal/streams/readable:1359:12)<br> &nbsp; &nbsp;at process.processTicksAndRejections (node:internal/process/task_queues:82:21)</pre>\n</body>\n</html>\n"
}

  23. SHOULD use 200 status code if parameters are invalid when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"588-sZ+sg/c+DRv3ORN3VlSdMHvZRkc\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1416",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at processGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/requestPipeline.js:68:13)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",
            "    at async internalExecuteOperation (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:585:16)",
            "    at async runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:129:29)",
            "    at async runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:16)",
            "    at async ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:20)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

  24. SHOULD use 200 status code on document parsing failure when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"59f-wZcL/SqdL2p72c+22U9112bt9Sk\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1439",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "Syntax Error: Expected Name, found <EOF>.",
        "locations": [
          {
            "line": 1,
            "column": 2
          }
        ],
        "extensions": {
          "stacktrace": [
            "GraphQLError: Syntax Error: Expected Name, found <EOF>.",
            "    at syntaxError (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/error/syntaxError.js:15:10)",
            "    at Parser.expectToken (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1397:40)",
            "    at Parser.parseName (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:108:24)",
            "    at Parser.parseField (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:347:30)",
            "    at Parser.parseSelection (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:337:14)",
            "    at Parser.many (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1511:26)",
            "    at Parser.parseSelectionSet (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:320:24)",
            "    at Parser.parseOperationDefinition (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:231:28)",
            "    at Parser.parseDefinition (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:155:19)",
            "    at Parser.many (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1511:26)"
          ],
          "code": "GRAPHQL_PARSE_FAILED"
        }
      }
    ]
  }
}

  25. SHOULD use 200 status code on document validation failure when accepting application/json

    Response status code is not 200 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5ae-cH8StyqXwjsvF8Ml3ZMaXdrpW14\"",
    "date": "<timestamp>",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1454",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "Syntax Error: Invalid number, expected digit but got: \"f\".",
        "locations": [
          {
            "line": 1,
            "column": 4
          }
        ],
        "extensions": {
          "stacktrace": [
            "GraphQLError: Syntax Error: Invalid number, expected digit but got: \"f\".",
            "    at syntaxError (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/error/syntaxError.js:15:10)",
            "    at readNumber (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/lexer.js:550:40)",
            "    at readNextToken (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/lexer.js:413:14)",
            "    at Lexer.lookahead (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/lexer.js:84:29)",
            "    at Lexer.advance (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/lexer.js:67:38)",
            "    at Parser.advanceLexer (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1536:31)",
            "    at Parser.expectToken (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1393:12)",
            "    at Parser.many (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1507:10)",
            "    at Parser.parseSelectionSet (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:320:24)",
            "    at Parser.parseOperationDefinition (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:231:28)"
          ],
          "code": "GRAPHQL_PARSE_FAILED"
        }
      }
    ]
  }
}

  26. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json

    Response body is not valid JSON 
    {
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "x-content-type-options": "nosniff",
    "date": "<timestamp>",
    "content-type": "text/html; charset=utf-8",
    "content-security-policy": "default-src 'none'",
    "content-length": "1108",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": null
}