ghostdogpr / caliban

Functional GraphQL library for Scala

Home Page: https://ghostdogpr.github.io/caliban/

Full compliance with GraphQL over HTTP spec

ghostdogpr opened this issue

See https://graphql-http.com/ and https://graphql.github.io/graphql-over-http/

GraphQL over HTTP audit report
60 audits in total
✅ 43 pass
💡 4 notices (suggestions)
⚠️ 13 warnings (optional)

Passing
4655 MUST accept application/json and match the content-type
47DE SHOULD accept */* and use application/json for the content-type
80D8 SHOULD assume application/json content-type when accept is missing
82A3 MUST use utf-8 encoding when responding
BF61 MUST accept utf-8 encoded request
78D5 MUST assume utf-8 in request if encoding is unspecified
2C94 MUST accept POST requests
5A70 MAY accept application/x-www-form-urlencoded formatted GET requests
9C48 MAY NOT allow executing mutations on GET requests
9ABE MAY respond with 4xx status code if content-type is not supplied on POST requests
03D4 MUST accept application/json POST requests
A5BF MAY use 400 status code when request body is missing on POST
LKJ0 MAY use 400 status code on object {query} parameter
LKJ1 MAY use 400 status code on number {query} parameter
LKJ2 MAY use 400 status code on boolean {query} parameter
LKJ3 MAY use 400 status code on array {query} parameter
13EE MUST allow string {query} parameter when accepting application/json
6C00 MAY use 400 status code on object {operationName} parameter
6C01 MAY use 400 status code on number {operationName} parameter
6C02 MAY use 400 status code on boolean {operationName} parameter
6C03 MAY use 400 status code on array {operationName} parameter
B8B3 MUST allow string {operationName} parameter when accepting application/json
0220 MUST allow null {variables} parameter when accepting application/json
0221 MUST allow null {operationName} parameter when accepting application/json
0222 MUST allow null {extensions} parameter when accepting application/json
4760 MAY use 400 status code on string {variables} parameter
4761 MAY use 400 status code on number {variables} parameter
4762 MAY use 400 status code on boolean {variables} parameter
4763 MAY use 400 status code on array {variables} parameter
28B9 MUST allow map {variables} parameter when accepting application/json
6A70 MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
58B0 MAY use 400 status code on string {extensions} parameter
58B1 MAY use 400 status code on number {extensions} parameter
58B2 MAY use 400 status code on boolean {extensions} parameter
58B3 MAY use 400 status code on array {extensions} parameter
1B7A MUST allow map {extensions} parameter when accepting application/json
B6DC MAY use 4xx or 5xx status codes on JSON parsing failure
BCF8 MAY use 400 status code on JSON parsing failure
572B SHOULD use 200 status code on document parsing failure when accepting application/json
FDE2 SHOULD use 200 status code on document validation failure when accepting application/json
7B9B SHOULD use a status code of 200 on variable coercion failure when accepting application/json
865D SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
51FE SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json

Notices
The server MAY support these, but are truly optional. These are suggestions following recommended conventions.
423L MAY use 400 status code on missing {query} parameter
Response status code is not 400
D6D5 MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
Response status code is not 200
8764 MAY use 4xx or 5xx status codes if parameters are invalid
Response status is not between 400 and 599
3E3A MAY use 400 status code if parameters are invalid
Response status code is not 400

Warnings
The server SHOULD support these, but is not required.
22EB SHOULD accept application/graphql-response+json and match the content-type
Response status code is not 200
34A2 SHOULD allow string {query} parameter when accepting application/graphql-response+json
Response status code is not 200
8161 SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
Response status code is not 200
94B0 SHOULD allow null {variables} parameter when accepting application/graphql-response+json
Response status code is not 200
94B1 SHOULD allow null {operationName} parameter when accepting application/graphql-response+json
Response status code is not 200
94B2 SHOULD allow null {extensions} parameter when accepting application/graphql-response+json
Response status code is not 200
2EA1 SHOULD allow map {variables} parameter when accepting application/graphql-response+json
Response status code is not 200
428F SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
Response status code is not 200
556A SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
Response status code is not 400
D586 SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
Response body is not valid JSON
74FF SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
Response status code is not 400
5E5B SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
Response body is not valid JSON
86EE SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json
Response status code is not 400