* This report was auto-generated by graphql-http

GraphQL over HTTP audit report

78 audits in total
✅ 53 pass
⚠️ 25 warnings (optional)

Passing

22EB SHOULD accept application/graphql-response+json and match the content-type
4655 MUST accept application/json and match the content-type
47DE SHOULD accept */* and use application/json for the content-type
82A3 MUST use utf-8 encoding when responding
BF61 MUST accept utf-8 encoded request
78D5 MUST assume utf-8 in request if encoding is unspecified
2C94 MUST accept POST requests
9C48 MAY NOT allow executing mutations on GET requests
9ABE SHOULD respond with 4xx status code if content-type is not supplied on POST requests
03D4 MUST accept application/json POST requests
7267 MUST require a request body on POST
6610 SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
4F50 SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
4F51 SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
4F52 SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
4F53 SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
34A2 SHOULD allow string {query} parameter when accepting application/graphql-response+json
13EE MUST allow string {query} parameter when accepting application/json
E3E0 SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
E3E1 SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
E3E2 SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
E3E3 SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
8161 SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
B8B3 MUST allow string {operationName} parameter when accepting application/json
94B0 SHOULD allow null {variables} parameter when accepting application/graphql-response+json
0220 MUST allow null {variables} parameter when accepting application/json
94B1 SHOULD allow null {operationName} parameter when accepting application/graphql-response+json
0221 MUST allow null {operationName} parameter when accepting application/json
94B2 SHOULD allow null {extensions} parameter when accepting application/graphql-response+json
0222 MUST allow null {extensions} parameter when accepting application/json
69B0 SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
69B1 SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
69B2 SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
69B3 SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
2EA1 SHOULD allow map {variables} parameter when accepting application/graphql-response+json
28B9 MUST allow map {variables} parameter when accepting application/json
9040 SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
9041 SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
9042 SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
9043 SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
428F SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
1B7A MUST allow map {extensions} parameter when accepting application/json
60AA SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
2163 SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
3E36 SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
17C5 SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
34D6 SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
865D SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
556A SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
D586 SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
51FE SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
74FF SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
5E5B SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json

Warnings

The server SHOULD support these, but is not required.

80D8 SHOULD assume application/json content-type when accept is missing

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5b5-gDRXf8j0lbjWbmQpeY60iENT2cI\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1461",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
        "extensions": {
          "stacktrace": [
            "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
            "",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at preventCsrf (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:478:17)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

5A70 MAY accept application/x-www-form-urlencoded formatted GET requests

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5b5-gDRXf8j0lbjWbmQpeY60iENT2cI\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1461",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
        "extensions": {
          "stacktrace": [
            "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
            "",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at preventCsrf (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:478:17)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

3715 SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"588-sZ+sg/c+DRv3ORN3VlSdMHvZRkc\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1416",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at processGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/requestPipeline.js:68:13)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",
            "    at async internalExecuteOperation (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:585:16)",
            "    at async runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:129:29)",
            "    at async runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:16)",
            "    at async ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:20)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

9FE0 SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"478-8ij0f1w1MThNqXuYJcCeFgzpLvg\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1144",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL queries must be strings.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL queries must be strings.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at ensureQueryIsStringOrMissing (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:67:15)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:77:13)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

9FE1 SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"588-sZ+sg/c+DRv3ORN3VlSdMHvZRkc\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1416",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at processGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/requestPipeline.js:68:13)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",
            "    at async internalExecuteOperation (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:585:16)",
            "    at async runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:129:29)",
            "    at async runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:16)",
            "    at async ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:20)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

9FE2 SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"588-sZ+sg/c+DRv3ORN3VlSdMHvZRkc\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1416",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at processGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/requestPipeline.js:68:13)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",
            "    at async internalExecuteOperation (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:585:16)",
            "    at async runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:129:29)",
            "    at async runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:16)",
            "    at async ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:20)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

9FE3 SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"478-8ij0f1w1MThNqXuYJcCeFgzpLvg\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1144",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL queries must be strings.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL queries must be strings.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at ensureQueryIsStringOrMissing (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:67:15)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:77:13)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

FB90 SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"41a-nyphxrE/ooK9c9ewfugL9Rqrh2Y\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1050",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`operationName` in a POST body must be a string if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `operationName` in a POST body must be a string if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:97:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

FB91 SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"41a-nyphxrE/ooK9c9ewfugL9Rqrh2Y\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1050",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`operationName` in a POST body must be a string if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `operationName` in a POST body must be a string if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:97:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

FB92 SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"41a-nyphxrE/ooK9c9ewfugL9Rqrh2Y\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1050",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`operationName` in a POST body must be a string if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `operationName` in a POST body must be a string if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:97:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

FB93 SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"41a-nyphxrE/ooK9c9ewfugL9Rqrh2Y\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1050",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`operationName` in a POST body must be a string if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `operationName` in a POST body must be a string if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:97:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

F050 SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"466-OpPmHAsn4oM5zvBonndNbzxWo1s\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1126",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`variables` in a POST body should be provided as an object, not a recursively JSON-encoded string.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `variables` in a POST body should be provided as an object, not a recursively JSON-encoded string.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:79:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

F051 SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"414-E6rr7b7CJtPuHGippFX8oDrojxw\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1044",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`variables` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `variables` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:92:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

F052 SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"414-E6rr7b7CJtPuHGippFX8oDrojxw\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1044",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`variables` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `variables` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:92:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

F053 SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"414-E6rr7b7CJtPuHGippFX8oDrojxw\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1044",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`variables` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `variables` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:92:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

D6D5 MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5b5-gDRXf8j0lbjWbmQpeY60iENT2cI\"",
    "date": "",
    "content-type": "application/graphql-response+json; charset=utf-8",
    "content-length": "1461",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
        "extensions": {
          "stacktrace": [
            "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
            "",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at preventCsrf (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:478:17)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

6A70 MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5b5-gDRXf8j0lbjWbmQpeY60iENT2cI\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1461",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight\n",
        "extensions": {
          "stacktrace": [
            "BadRequestError: This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a 'content-type' header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight",
            "",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at preventCsrf (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/preventCsrf.js:29:11)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:478:17)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

3680 SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"468-TPRc6cNxt9MLpN3l67KK+40WYlI\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1128",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`extensions` in a POST body should be provided as an object, not a recursively JSON-encoded string.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `extensions` in a POST body should be provided as an object, not a recursively JSON-encoded string.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:82:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

3681 SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"416-3vSw59SW7xtE8bbw+NTHlFLLef4\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1046",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`extensions` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `extensions` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:87:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

3682 SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"416-3vSw59SW7xtE8bbw+NTHlFLLef4\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1046",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`extensions` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `extensions` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:87:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

3683 SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"416-3vSw59SW7xtE8bbw+NTHlFLLef4\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1046",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "`extensions` in a POST body must be an object if provided.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: `extensions` in a POST body must be an object if provided.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:87:23)",
            "    at runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:22)",
            "    at ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:26)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

D477 SHOULD use 200 status code on JSON parsing failure when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "x-content-type-options": "nosniff",
    "date": "",
    "content-type": "text/html; charset=utf-8",
    "content-security-policy": "default-src 'none'",
    "content-length": "1108",
    "connection": "close",
    "access-control-allow-origin": "*"
  },
  "body": "\n\n\n\n<title>Error</title>\n\n\nSyntaxError: Unexpected end of JSON input
    at JSON.parse (<anonymous>)
    at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)
    at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18
    at AsyncResource.runInAsyncScope (node:async_hooks:204:9)
    at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)
    at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)
    at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)
    at IncomingMessage.emit (node:events:513:28)
    at endReadableNT (node:internal/streams/readable:1359:12)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)\n\n\n"
}

F5AF SHOULD use 200 status code if parameters are invalid when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"588-sZ+sg/c+DRv3ORN3VlSdMHvZRkc\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1416",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
        "extensions": {
          "stacktrace": [
            "BadRequestError: GraphQL operations must contain a non-empty `query` or a `persistedQuery` extension.",
            "    at new GraphQLErrorWithCode (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:7:9)",
            "    at new BadRequestError (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/internalErrorClasses.js:75:9)",
            "    at processGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/requestPipeline.js:68:13)",
            "    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)",
            "    at async internalExecuteOperation (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:585:16)",
            "    at async runHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/runHttpQuery.js:129:29)",
            "    at async runPotentiallyBatchedHttpQuery (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/httpBatching.js:34:16)",
            "    at async ApolloServer.executeHTTPGraphQLRequest (file:///home/runner/work/graphql-http/graphql-http/node_modules/@apollo/server/dist/esm/ApolloServer.js:496:20)"
          ],
          "code": "BAD_REQUEST"
        }
      }
    ]
  }
}

572B SHOULD use 200 status code on document parsing failure when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"59f-wZcL/SqdL2p72c+22U9112bt9Sk\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1439",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "Syntax Error: Expected Name, found .",
        "locations": [
          {
            "line": 1,
            "column": 2
          }
        ],
        "extensions": {
          "stacktrace": [
            "GraphQLError: Syntax Error: Expected Name, found .",
            "    at syntaxError (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/error/syntaxError.js:15:10)",
            "    at Parser.expectToken (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1397:40)",
            "    at Parser.parseName (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:108:24)",
            "    at Parser.parseField (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:347:30)",
            "    at Parser.parseSelection (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:337:14)",
            "    at Parser.many (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1511:26)",
            "    at Parser.parseSelectionSet (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:320:24)",
            "    at Parser.parseOperationDefinition (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:231:28)",
            "    at Parser.parseDefinition (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:155:19)",
            "    at Parser.many (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1511:26)"
          ],
          "code": "GRAPHQL_PARSE_FAILED"
        }
      }
    ]
  }
}

FDE2 SHOULD use 200 status code on document validation failure when accepting application/json

Response status code is not 200

{
  "statusText": "Bad Request",
  "status": 400,
  "headers": {
    "x-powered-by": "Express",
    "etag": "W/\"5ae-cH8StyqXwjsvF8Ml3ZMaXdrpW14\"",
    "date": "",
    "content-type": "application/json; charset=utf-8",
    "content-length": "1454",
    "connection": "close",
    "cache-control": "no-store",
    "access-control-allow-origin": "*"
  },
  "body": {
    "errors": [
      {
        "message": "Syntax Error: Invalid number, expected digit but got: \"f\".",
        "locations": [
          {
            "line": 1,
            "column": 4
          }
        ],
        "extensions": {
          "stacktrace": [
            "GraphQLError: Syntax Error: Invalid number, expected digit but got: \"f\".",
            "    at syntaxError (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/error/syntaxError.js:15:10)",
            "    at readNumber (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/lexer.js:550:40)",
            "    at readNextToken (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/lexer.js:413:14)",
            "    at Lexer.lookahead (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/lexer.js:84:29)",
            "    at Lexer.advance (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/lexer.js:67:38)",
            "    at Parser.advanceLexer (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1536:31)",
            "    at Parser.expectToken (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1393:12)",
            "    at Parser.many (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:1507:10)",
            "    at Parser.parseSelectionSet (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:320:24)",
            "    at Parser.parseOperationDefinition (/home/runner/work/graphql-http/graphql-http/node_modules/graphql/language/parser.js:231:28)"
          ],
          "code": "GRAPHQL_PARSE_FAILED"
        }
      }
    ]
  }
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

GraphQL over HTTP audit report

Passing

Warnings

Files

README.md

Latest commit

History

README.md

File metadata and controls

GraphQL over HTTP audit report

Passing

Warnings