View more context

 

sander_ha

Is there a bug with disabling CSRF token protection on the GrapQL manager? I'm trying this:

  1. SilverStripe\GraphQL\Manager:
  2. properties:
  3. Middlewares:
  4. ### Disable auto CSRF protection because we will use JWT security
  5. CSRFMiddleware: false

However I'm still getting the "Mutations must provide a CSRF token in the X-CSRF-TOKEN header" error

unclecheese

i think it has to be done on the manager instance

sander_ha
  1. SilverStripe\GraphQL\Manager.default:
  2. properties:
  3. Middlewares:
  4. ### Disable auto CSRF protection because we will use JWT security
  5. CSRFMiddleware: false # TODO currently not working

Doesnt work either

sander_ha

Yes like this:

  1. SilverStripe\Core\Injector\Injector:
  2. SilverStripe\GraphQL\Manager.default:
  3. properties:
  4. Middlewares:
  5. ### Disable auto CSRF protection because we will use JWT security
  6. CSRFMiddleware: false
reimerwilliam

Hello! @unclecheese @sander_ha We are trying to disable the CSRFMiddleware since we want to use JWT but we still get the error Mutations must provide a CSRF token in the X-CSRF-TOKEN header

  1. SilverStripe\Core\Injector\Injector:
  2. SilverStripe\GraphQL\Manager.default:
  3. properties:
  4. Middlewares:
  5. CSRFMiddleware: false

Tried above but still get the error

Also tried with `After: '#graphqlconfig'``

sander_ha

@reimerwilliam My setup is like this, not much else I can help you with really:

  1. ---
  2. Name: api-graphql
  3. After:
  4. - '#graphqlconfig'
  5. ---
  6.  
  7. ### Expose endpoint
  8. SilverStripe\Control\Director:
  9. rules:
  10. 'graphql': '%$SilverStripe\GraphQL\Controller.default'
  11.  
  12. SilverStripe\Core\Injector\Injector:
  13. SilverStripe\GraphQL\Manager.default:
  14. properties:
  15. Middlewares:
  16. ### Disable auto CSRF protection because we will use JWT security
  17. CSRFMiddleware: false
👍 (1)
reimerwilliam

Thanks for the reply, may I ask what version of Silverstripe and GraphQL you are running?

sander_ha

I'm back with another question! This section simply says "TODO" : https://github.com/silverstripe/silverstripe-graphql#define-input-types Does that mean that you can define an Object type as input type?

Show 1 attachment(s)
GitHub  
silverstripe/silverstripe-graphql

Serves SilverStripe data as GraphQL representations - silverstripe/silverstripe-graphql

Hide attachment content
sander_ha

Trying to do this for a mutator:

  1. public function args(): array
  2. {
  3. return [
  4. 'Order' => ['type' => $this->manager->getType('Order')]
  5. ];
  6. }
sander_ha

Ah, a specific "OrderInput" type must be defined with this snippet on it:

  1. protected $inputObject = true;