Closed juona closed 5 years ago
Thanks for the report, I think the problem is here:
https://github.com/jaydenseric/graphql-upload/blob/v8.0.6/src/processRequest.mjs#L274
It's not specifically to do with variables
, as the object path could be to anywhere in the operations
object.
We need to detect the path is nonsense by putting a try catch around it or something, then on error return and exit with a relevant error like this:
https://github.com/jaydenseric/graphql-upload/blob/v8.0.6/src/processRequest.mjs#L267
A test needs to be added to cover this situation.
PR would be a big help!
Don't worry about a PR, I'm working on a fix…
Thank you, Jayden. I could have done a PR, you just reacted way sooner than I anticipated : ]
Published the fix in v8.0.7 🚀
Hello,
There have been issues like this one in the past, here's a new one I have found.
When sending a multipart request using some arbitrary REST client I can kill the express server. Namely, if the
variants
field in the operations header has a value other than an object, the server dies. A normal operations header would look something like this:{"operationName": null, "variables": {"images": [null, null]}, "query": "mutation ($images: [Upload!]!) { uploadImages(images: $images) { id image } }"}
If you change the value of
variables
({"images": [null, null]}
) to any of the following, sending such request will kill the server:Array
[]
and object{}
work fine. The error that is thrown is this: