Security & best practices#

Strict HTTP method checking#

According to GraphQL best practices, mutations should be done over POST, while queries have the option to use either GET or POST. By default, this module enforces the POST request method for all mutations.

To disable that requirement, you can remove the HTTPMethodMiddleware from the QueryHandler.

yaml

SilverStripe\GraphQL\QueryHandler\QueryHandlerInterface.default:
  class: SilverStripe\GraphQL\QueryHandler\QueryHandler
  properties:
    Middlewares:
      httpMethod: false

Security & best practices#

Strict HTTP method checking#

Further reading#