search

jaydenseric / apollo-upload-client

A terminating Apollo Link for Apollo Client that fetches a GraphQL multipart request if the GraphQL variables contain files (by default FileList, File, or Blob instances), or else fetches a regular GraphQL POST or GET request (depending on the config and GraphQL operation).
https://npm.im/apollo-upload-client
1.53k stars 156 forks source link

"Unexpected end of form" returned when using Apollo Server v4 #305

Closed koborg closed 1 year ago

koborg commented 1 year ago

We recently updated from Apollo Server v2 to Apollo Server v4. Unfortunately we noticed that the File Upload broke, and the error message upon upload is: "error","message":"Unexpected end of form","type":"graphql_error"

On our frontend app we are using Apollo Client v3.7.0 and the apollo-upload-client v17.0.0

Is there something specific that needs to be done, so we can work use the lib with ASv4?

jaydenseric commented 1 year ago

Perhaps you need to set the option:

{
  headers: {
    'Apollo-Require-Preflight': 'true'
  }
}

See: https://www.apollographql.com/docs/apollo-server/security/cors/#graphql-upload

Don't be put off by the wording like "The graphql-upload package has a known CSRF vulnerability" that Apollo uses in their docs. graphql-upload itself doesn't have a vulnerability, because it doesn't concern itself with authentication/authorization. It's up to project authors to implement that in their servers themselves in a way that makes sense for a given project. It would be equally silly to say "The express package has a known vulnerability" because it doesn't setup authentication by default.

koborg commented 1 year ago

Hi jaydenseric. Thanks for the answer.

We have the preflight header already set. It seems that there's an additional problem in the cooperation between the AS4 and the upload libraries. I will try to debug additionally and will inform here if I find the issue.

jaydenseric commented 1 year ago

You have to install graphql-upload on your GraphQL API server, if you haven't already:

https://github.com/jaydenseric/graphql-upload#installation

Apollo Server doesn't integrate it by default anymore.

koborg commented 1 year ago

Yes it is installed. Basically we had absolutely working solution just as it is in the documentation (apollo-client-upload with graphql-upload etc...) until we updated to AS4. Now whenever we try to upload a file through the FE app, it fails with "Unexpected end of form" on the server. Interesting is that we don't face this issue when we use playground (Altair) and the file gets uploaded. Thank you for you time!