fix(audits/server): Check the actual content encoding instead of the indication (#41)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: enisdenjo

README.md

@@ -747,10 +747,12 @@ If you want a feature-full server with bleeding edge technologies, you're recomm
 | Name                                                               | Audit                                                    |
 | ------------------------------------------------------------------ | -------------------------------------------------------- |
 | [graphql-yoga](https://www.the-guild.dev/graphql/yoga-server)      | [✅ Compliant](/implementations/graphql-yoga/README.md)  |
+| [graphql-helix](https://www.graphql-helix.com/)                    | [✅ Compliant](/implementations/graphql-helix/README.md) |
 | [hotchocolate](https://chillicream.com/docs/hotchocolate)          | [✅ Compliant](/implementations/hotchocolate/README.md)  |
 | [pioneer](https://pioneer.dexclaimation.com/)                      | [✅ Compliant](/implementations/pioneer/README.md)       |
 | [postgraphile](https://www.graphile.org/postgraphile/)             | [✅ Compliant](/implementations/postgraphile/README.md)  |
 | [apollo-server](https://www.apollographql.com/docs/apollo-server/) | [✅ Compliant](/implementations/apollo-server/README.md) |
+| [deno](https://deno.com/blog/build-a-graphql-server-with-deno)     | [✅ Compliant](/implementations/deno/README.md)          |
 
 ## [Documentation](docs/)
 

implementations/apollo-server/README.md

@@ -11,8 +11,8 @@ _* This report was auto-generated by graphql-http_
 2. MUST accept application/json and match the content-type
 3. SHOULD accept \*/\* and use application/json for the content-type
 4. MUST use utf-8 encoding when responding
-5. MUST accept utf-8 encoding
-6. MUST assume utf-8 if encoding is unspecified
+5. MUST accept utf-8 encoded request
+6. MUST assume utf-8 in request if encoding is unspecified
 7. MUST accept POST requests
 8. MAY NOT allow executing mutations on GET requests
 9. SHOULD respond with 4xx status code if content-type is not supplied on POST requests

implementations/deno/README.md

@@ -3,43 +3,45 @@ _* This report was auto-generated by graphql-http_
 # GraphQL over HTTP audit report
 
 - **79** audits in total
-- ✅ **32** pass
+- ✅ **35** pass
 - ⚠️ **44** warnings (optional)
-- ❌ **3** errors (required)
 
 ## Passing
 1. MUST accept application/json and match the content-type
 2. SHOULD accept \*/\* and use application/json for the content-type
 3. SHOULD assume application/json content-type when accept is missing
-4. MUST accept POST requests
-5. MAY accept application/x-www-form-urlencoded formatted GET requests
-6. MAY NOT allow executing mutations on GET requests
-7. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
-8. MUST accept application/json POST requests
-9. MUST require a request body on POST
-10. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
-11. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
-12. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
-13. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
-14. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
-15. MUST allow string {query} parameter when accepting application/json
-16. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
-17. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
-18. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
-19. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
-20. MUST allow string {operationName} parameter when accepting application/json
-21. MUST allow null {variables} parameter when accepting application/json
-22. MUST allow null {operationName} parameter when accepting application/json
-23. MUST allow null {extensions} parameter when accepting application/json
-24. MUST allow map {variables} parameter when accepting application/json
-25. MUST allow map {extensions} parameter when accepting application/json
-26. SHOULD use 200 status code if parameters are invalid when accepting application/json
-27. SHOULD use 200 status code on document parsing failure when accepting application/json
-28. SHOULD use 200 status code on document validation failure when accepting application/json
-29. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
-30. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
-31. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
-32. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+4. MUST use utf-8 encoding when responding
+5. MUST accept utf-8 encoded request
+6. MUST assume utf-8 in request if encoding is unspecified
+7. MUST accept POST requests
+8. MAY accept application/x-www-form-urlencoded formatted GET requests
+9. MAY NOT allow executing mutations on GET requests
+10. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
+11. MUST accept application/json POST requests
+12. MUST require a request body on POST
+13. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
+14. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
+15. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
+16. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
+17. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
+18. MUST allow string {query} parameter when accepting application/json
+19. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
+20. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
+21. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
+22. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
+23. MUST allow string {operationName} parameter when accepting application/json
+24. MUST allow null {variables} parameter when accepting application/json
+25. MUST allow null {operationName} parameter when accepting application/json
+26. MUST allow null {extensions} parameter when accepting application/json
+27. MUST allow map {variables} parameter when accepting application/json
+28. MUST allow map {extensions} parameter when accepting application/json
+29. SHOULD use 200 status code if parameters are invalid when accepting application/json
+30. SHOULD use 200 status code on document parsing failure when accepting application/json
+31. SHOULD use 200 status code on document validation failure when accepting application/json
+32. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
+33. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
+34. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+35. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
 
 ## Warnings
 The server _SHOULD_ support these, but is not required.
@@ -935,77 +937,3 @@ The server _SHOULD_ support these, but is not required.
       </details>
 
 
-## Errors
-The server _MUST_ support these.
-
-  1. MUST use utf-8 encoding when responding<br />
-
-      <details>
-      <summary>Response body is not UTF-8 encoded</summary>
-      
-      ```json
-      {
-        "statusText": "OK",
-        "status": 200,
-        "headers": {
-          "vary": "Accept-Encoding",
-          "date": "<timestamp>",
-          "content-type": "application/json",
-          "content-length": "59",
-          "content-encoding": "gzip"
-        },
-        "body": null
-      }
-      ```
-      </details>
-      
-  2. MUST accept utf-8 encoding<br />
-
-      <details>
-      <summary>Response header content-type does not contain utf-8</summary>
-      
-      ```json
-      {
-        "statusText": "OK",
-        "status": 200,
-        "headers": {
-          "vary": "Accept-Encoding",
-          "date": "<timestamp>",
-          "content-type": "application/json",
-          "content-length": "59",
-          "content-encoding": "gzip"
-        },
-        "body": {
-          "data": {
-            "__typename": "Query"
-          }
-        }
-      }
-      ```
-      </details>
-      
-  3. MUST assume utf-8 if encoding is unspecified<br />
-
-      <details>
-      <summary>Response header content-type does not contain utf-8</summary>
-      
-      ```json
-      {
-        "statusText": "OK",
-        "status": 200,
-        "headers": {
-          "vary": "Accept-Encoding",
-          "date": "<timestamp>",
-          "content-type": "application/json",
-          "content-length": "59",
-          "content-encoding": "gzip"
-        },
-        "body": {
-          "data": {
-            "__typename": "Query"
-          }
-        }
-      }
-      ```
-      </details>
-      

implementations/deno/report.json

@@ -1,6 +1,6 @@
 {
   "total": 79,
-  "ok": 32,
+  "ok": 35,
   "warn": 44,
-  "error": 3
+  "error": 0
 }

implementations/express-graphql/README.md

@@ -11,8 +11,8 @@ _* This report was auto-generated by graphql-http_
 2. SHOULD accept \*/\* and use application/json for the content-type
 3. SHOULD assume application/json content-type when accept is missing
 4. MUST use utf-8 encoding when responding
-5. MUST accept utf-8 encoding
-6. MUST assume utf-8 if encoding is unspecified
+5. MUST accept utf-8 encoded request
+6. MUST assume utf-8 in request if encoding is unspecified
 7. MUST accept POST requests
 8. MAY accept application/x-www-form-urlencoded formatted GET requests
 9. MAY NOT allow executing mutations on GET requests

implementations/graph-client/README.md

@@ -11,8 +11,8 @@ _* This report was auto-generated by graphql-http_
 3. SHOULD accept \*/\* and use application/json for the content-type
 4. SHOULD assume application/json content-type when accept is missing
 5. MUST use utf-8 encoding when responding
-6. MUST accept utf-8 encoding
-7. MUST assume utf-8 if encoding is unspecified
+6. MUST accept utf-8 encoded request
+7. MUST assume utf-8 in request if encoding is unspecified
 8. MUST accept POST requests
 9. MAY accept application/x-www-form-urlencoded formatted GET requests
 10. MAY NOT allow executing mutations on GET requests