Open mike-marcacci opened 5 years ago
wtrocki
commented
4 years ago Worth noting that this spec is now widely adopted in popular GraphQL servers and became standard on its own. OData specification which is very close to the HTTP protocol have similar concepts for binary formats.
dylanowen
commented
2 years ago If we are looking at integrating graphql multipart spec into graphql over http I'd recommend we rework the implementation. The current spec is very specific to a JS Server Middleware and other languages have to work around these constraints when implementing it.
glasser
commented
1 year ago I would not recommend adding this to the spec, but if we do, it should only be done in a way that discourages users from accidentally exposing themselves to CSRF errors; naive usage of this multipart spec generally adds CSRF mutations to cookie-using servers that are otherwise protected against them. I'd recommend reading my proposed security addition to the multipart spec as part of considering this: https://github.com/jaydenseric/graphql-multipart-request-spec/pull/64
When it comes to sending large scalars over HTTP, @jaydenseric's graphql multipart spec is the de facto standard at this point, being supported by many languages and tools, including Apollo's ecosystem.
There is probably value to either integrating or referencing his spec here.