Version 4 (supported): this version of Silverstripe CMS is still supported but will not receive any additional features. Go to the documentation for the most recent stable version if you need newer features.
You are viewing the docs for silverstripe/graphql 4.x. If you are using 3.x, the documentation can be found in the GitHub repository.
Strict HTTP method checking

According to GraphQL best practices, mutations should be done over POST, while queries have the option to use either GET or POST. By default, this module enforces the POST request method for all mutations.

To disable that requirement, you can remove the HTTPMethodMiddleware from the QueryHandler:
SilverStripe\GraphQL\QueryHandler\QueryHandlerInterface.default:
  class: SilverStripe\GraphQL\QueryHandler\QueryHandler
  properties:
    Middlewares:
      httpMethod: false
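The rule the middleware enforces, as an added illustration written for this page (it is not the module's own HTTPMethodMiddleware and is Python rather than the module's PHP): the checker determines which operation a GraphQL request will execute and rejects mutations that do not arrive over POST, while queries may use GET or POST. The parsing approach, the function names and the `strict` flag (which mirrors `httpMethod: false`) are assumptions made for this example; the sample documents are constructed. It goes slightly beyond the page by handling the cases a naive keyword search gets wrong: a field or string literal containing the word "mutation", comments, and documents with several operations selected by `operationName`.

```python
import re
from typing import List, Optional, Tuple

# Constructed example for this page; not the silverstripe/graphql module's code.

Operation = Tuple[str, Optional[str]]  # (operation type, operation name or None)


def _strip_comments_and_strings(doc: str) -> str:
    # Blank out block strings, ordinary strings and # comments so that the word
    # "mutation" inside them is never mistaken for an operation definition.
    doc = re.sub(r'"""(?:.|\n)*?"""', '""', doc)
    doc = re.sub(r'"(?:\\.|[^"\\\n])*"', '""', doc)
    doc = re.sub(r'#[^\n]*', '', doc)
    return doc


def _classify(header: str) -> Optional[Operation]:
    # The text before a top-level "{" names the operation: "mutation Foo($id: ID!)",
    # "query", or nothing at all for the shorthand "{ ... }", which is a query.
    text = header.strip()
    if text == '':
        return ('query', None)
    m = re.match(r'(query|mutation|subscription)\b\s*([_A-Za-z][_0-9A-Za-z]*)?', text)
    if m is None:
        return None  # a fragment definition (or junk the executor will reject later)
    return (m.group(1), m.group(2))


def operation_definitions(doc: str) -> List[Operation]:
    """Return (type, name) for each top-level operation in a GraphQL document.

    Only text at brace depth 0 is inspected, so a field such as `mutationLog`
    inside a selection set does not turn a query into a mutation. Braces inside
    variable default values (inside parentheses) are not selection sets.
    """
    cleaned = _strip_comments_and_strings(doc)
    ops: List[Operation] = []
    header: List[str] = []
    brace = paren = 0
    for ch in cleaned:
        if ch == '{' and paren == 0:
            if brace == 0:
                op = _classify(''.join(header))
                header = []
                if op is not None:
                    ops.append(op)
            brace += 1
            continue
        if ch == '}' and paren == 0:
            brace -= 1
            continue
        if brace == 0:
            if ch == '(':
                paren += 1
            elif ch == ')':
                paren -= 1
            header.append(ch)
    return ops


def selected_operation(doc: str, operation_name: Optional[str] = None) -> Operation:
    """Pick the operation a request will execute, honouring operationName."""
    ops = operation_definitions(doc)
    if not ops:
        raise ValueError('document contains no operation')
    if operation_name is None:
        if len(ops) > 1:
            raise ValueError('operationName is required when the document has several operations')
        return ops[0]
    for op in ops:
        if op[1] == operation_name:
            return op
    raise ValueError(f'unknown operation {operation_name!r}')


def check_http_method(method: str, doc: str, operation_name: Optional[str] = None,
                      strict: bool = True) -> Tuple[int, str]:
    """Return (status, reason): 200 lets the request proceed, 405 rejects it.

    strict=False corresponds to `httpMethod: false` in the page's YAML: the
    request method is not checked against the operation type at all.
    """
    method = method.upper()
    if method not in ('GET', 'POST'):
        return 405, f'{method} is not allowed; use GET or POST'
    if not strict:
        return 200, 'ok (strict method checking disabled)'
    op_type, _ = selected_operation(doc, operation_name)
    if op_type == 'mutation' and method != 'POST':
        return 405, 'mutations must be sent over POST'
    return 200, 'ok'


if __name__ == '__main__':
    # Constructed requests: a mutation sent as a GET is the case the middleware blocks.
    print(check_http_method('GET', '{ members { id } }'))
    print(check_http_method('GET', 'mutation { deleteMember(id: 1) { id } }'))
    print(check_http_method('POST', 'mutation { deleteMember(id: 1) { id } }'))
```

Running the file prints a 200 for the GET query, a 405 for the GET mutation and a 200 for the same mutation over POST. Checking the method before the executor runs is what makes the rule cheap: a rejected mutation never reaches resolvers, and a GET request for a query stays cacheable.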