Cito
commented
2 months ago Hi @dkbarn, thanks for bringing this up.
Actually I believe this is ok in view of the comment directly in front of the lines you linked to. The error in the variable values should be caught during validation already and never happen when execute() is called via the high-level graphql() function that includes validation. Conversion of the ExecutionResult to a JSON response payload and removal of the data property with a null value for a request error should happen at the server level.
If you still believe the behavior of the values module should be changed, please report upstream at the GraphQL.js project since the goal of GraphQL-core is to implement the exact same behavior as this reference implementation. See the corresponding code here.
When callling graphql-core's
execute()function withvariable_valueswhich do not pass validation -- for example, including an unexpected key in thevariable_valuesdictionary -- the current behavior is that anExecutionResultobject is returned from the function, with the associated GraphQLError present inside it. Instead, this should be treated as a Request error, according to the spec, meaning that aGraphQLErrorshould be raised fromexecute().The GraphQL spec states:
This means that it is incorrect for the
coerce_variable_valuesfunction to be returning a GraphQLError inside an ExecutionResult: https://github.com/graphql-python/graphql-core/blob/9dcf25e66f6ed36b77de788621cf50bab600d1d3/src/graphql/execution/values.py#L93-L99doing so means that a response payload is returned containing both an "errors" key and a null "data" key. Again, this a violation of the spec: