silverstripe / silverstripe-graphql

Serves Silverstripe data as GraphQL representations
BSD 3-Clause "New" or "Revised" License

Unable to disable CSRF Middleware #574

Closed mkekit closed 6 months ago

mkekit commented 6 months ago

Module version(s) affected

5.1.3

Description

Unfortunately I'm not able to disable the CSRF protection as mentioned in the documentation. Here are the contents of my config under app/_config/graphql.yml:

---
Name: app-graphql
Only:
  classexists: 'SilverStripe\GraphQL\Schema\Schema'
After:
  - graphqlconfig
---
SilverStripe\GraphQL\Auth\Handler:
  authenticators:
    - class: SilverStripe\GraphQL\Auth\BasicAuthAuthenticator
      priority: 100

SilverStripe\GraphQL\Schema\Schema:
  schemas:
    default:
      src:
        - app/_graphql

SilverStripe\Core\Injector\Injector:
  SilverStripe\GraphQL\QueryHandler\QueryHandlerInterface.default:
    class: SilverStripe\GraphQL\QueryHandler\QueryHandler
    properties:
      Middlewares:
        csrf: false

Which leads to the following error:

"errors": [
        {
            "message": "Mutations must provide a CSRF token in the X-CSRF-TOKEN header",
            "code": 0,
            "file": "/var/www/html/vendor/silverstripe/graphql/src/Middleware/CSRFMiddleware.php",
            "line": 26
        }
]

What have I missed here?

Thanks in advance!

mkekit commented 6 months ago

Hello, I found a solution for the problem/behavior. After adding 'graphql-middlewares' additionally as 'After' in my graphql.yml config, everything works now. Perhaps this should also be added to the documentation?

Here's the updated configuration:

---
Name: app-graphql
Only:
  classexists: 'SilverStripe\GraphQL\Schema\Schema'
After:
  - graphqlconfig
  - 'graphql-middlewares'
---
...
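The ordering fix in the comment above, as an added example that is not part of the thread or the module's own code: a simplified Python model of ordered config fragments in which a later fragment overrides an earlier one. Only the fragment names come from the thread; the fragment contents, the discovery order and the assumption that `graphql-middlewares` is the fragment that registers the CSRF middleware are constructed for illustration.

```python
# Simplified model of ordered config fragments: later fragments win on merge.
# Fragment names are from the thread; contents and discovery order are constructed.
CSRF = "CSRFMiddleware"  # placeholder for the middleware service definition

def fragments(app_after):
    """Return (name, after, data) tuples in an assumed discovery order."""
    return [
        ("app-graphql", app_after, {"Middlewares": {"csrf": False}}),
        ("graphqlconfig", [], {"schemas": {"default": {}}}),
        # Assumption: this module fragment is what registers the CSRF middleware.
        ("graphql-middlewares", [], {"Middlewares": {"csrf": CSRF}}),
    ]

def load_order(frags):
    """Place a fragment only once everything named in its After is placed."""
    pending, placed = list(frags), []
    while pending:
        done = {name for name, _, _ in placed}
        ready = next((f for f in pending if set(f[1]) <= done), None)
        if ready is None:
            raise ValueError("circular or unknown After reference")
        pending.remove(ready)
        placed.append(ready)
    return placed

def deep_merge(base, override):
    """Recursively merge dicts; scalar values from override replace base."""
    out = dict(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], value)
        else:
            out[key] = value
    return out

def effective_csrf(app_after):
    """Return the csrf entry that survives after all fragments are merged."""
    merged = {}
    for _, _, data in load_order(fragments(app_after)):
        merged = deep_merge(merged, data)
    return merged["Middlewares"]["csrf"]

if __name__ == "__main__":
    # Original config: the app fragment is only ordered after graphqlconfig.
    print(effective_csrf(["graphqlconfig"]))
    # Updated config: also ordered after graphql-middlewares.
    print(effective_csrf(["graphqlconfig", "graphql-middlewares"]))
```

In this model the first call still yields the middleware because the module fragment is merged last, and the second yields `False` because the app fragment is merged after it.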