Skip to content

Enforce custom header on formdata requests to protect against CSRF attack. #6188

New issue
New issue
Closed
#6189
Closed
Enforce custom header on formdata requests to protect against CSRF attack.#6188
#6189
Assignees
michaelstaib
Labels
securityPull requests that address a security vulnerability🌶️ hot chocolate
Milestone
HC-13.2.0
@michaelstaib

Description

@michaelstaib
michaelstaib
opened on May 23, 2023

By default we should enforce an extra header on formsdata request called graphql-preflight.
jaydenseric/graphql-multipart-request-spec#64 (comment)

Metadata

Metadata

Assignees

Labels

securityPull requests that address a security vulnerability🌶️ hot chocolate

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions