SITES-5185 - Ensure all GraphQL Queries to publisher are using Persistent Queries and not POST requests #922
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…tent Queries and not POST requests
krystiannowak
approved these changes
Apr 21, 2022
…tent Queries and not POST requests
krystiannowak
approved these changes
Apr 21, 2022
10 tasks
keepthebyte
suggested changes
Apr 22, 2022
| # GraphQL also supports "GET" requests, if you intend to use "GET" add a rule in filters.any | ||
| /0060 { /type "allow" /method '(POST|OPTIONS)' /url "/content/_cq_graphql/*/endpoint.json" } | ||
| # GraphQL also supports "GET" or "POST" requests, if you intend to use "GET" or "POST" add a rule in filters.any | ||
| /0060 { /type "allow" /method '(OPTIONS)' /url "/content/_cq_graphql/*/endpoint.json" } |
There was a problem hiding this comment.
I understand we want to block usage of POST on publish.. - why do we still support OPTION?
Maybe we should - in the comment above - mention that we recommend to use Persisted Queries.
There was a problem hiding this comment.
@keepthebyte we have to keep the POST requests available for stage and dev environments so I updated this PR accordingly to allow better filtering for all customers based on environment type see also my comment https://git.corp.adobe.com/Granite/dispatcher-k8s-base/pull/152#issuecomment-4099643
…tent Queries and not POST requests
…tent Queries and not POST requests
sandru85
added a commit
to sandru85/aem-project-archetype
that referenced
this pull request
May 11, 2022
…tent Queries and not POST requests (adobe#922)
pankaj-parashar
pushed a commit
that referenced
this pull request
Jun 27, 2022
* CIF-2628 - Remove reference to Venia from Archetype (#873) * remove references to Venia * Issue/angular ssr - io runtime support Provide support for IO runtime in the angular spa editor. This will provide support for performing SSR for aem in the cloud as well. Co-authored-by: Niek Raaijmakers <raaijmak@adobe.com> Co-authored-by: Zoran Nikolovski <nikolovs@adobe.com> * releng - Update CIF to January release (#881) * releng - Update CIF to January release * Add feedback * CIF-2678 - Styling is broken on catalog page in Venia and archetype projects (#884) * fixed HTL syntax in catalogpage customheaderlibs.html * CIF-2638: Move navigation styling to archetype (#888) * add rule to remove form ui test assets if not a forms project (#890) * Update aemanalyser maven plugin to 1.4.0 (#895) * Bump log4js in /src/main/archetype/ui.tests/test-module (#879) Bumps [log4js](https://github.com/log4js-node/log4js-node) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/log4js-node/log4js-node/releases) - [Changelog](https://github.com/log4js-node/log4js-node/blob/master/CHANGELOG.md) - [Commits](log4js-node/log4js-node@v6.3.0...v6.4.0) --- updated-dependencies: - dependency-name: log4js dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump nanoid in /src/main/archetype/ui.frontend.general (#880) Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.30 to 3.2.0. - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.1.30...3.2.0) --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump node-fetch in /src/main/archetype/ui.frontend.general (#883) Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.6 to 2.6.7. - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](node-fetch/node-fetch@v2.6.6...v2.6.7) --- updated-dependencies: - dependency-name: node-fetch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump aem-testing-clients to 1.0.5 (#892) Fixes: SLING-11131 - Remove Guava Dependency for CVE-2018-10237 and CVE-2020-8908 SLING-11124 - Update Apache HTTP Client Dependency for CVE-2020-13956 Allow to set "forceBasicAuth" for author and publish instance separately Co-authored-by: Andrei Tuicu <tuicu@adobe.com> * Bump follow-redirects in /src/main/archetype/ui.frontend.general (#894) Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.6 to 1.14.8. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.14.6...v1.14.8) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Restore .gitignore files to generated projects (#889) * restore gitignore file * disable default exclude rule * Update Core Components to v2.18.0 (#897) * Update Core Components to v2.18.0 - update dependency of core components to latest v2.18.0 - update resourceSuperType of proxy components to latest component version - enable inheritance of edit config from parent component - remove deprecated sharing component fixes #896 * Adjust AIO SSR configuration, handle gzip payload (#903) Co-authored-by: Cezary Czernecki <czerneck@adobe.com> Co-authored-by: Hanish Bansal <38317539+habansal@users.noreply.github.com> * CIF-2721: update CIF Core Components to 2.6.0 (#899) * CIF-2526 - Add add-to-cart button in all product collections (#904) * updated style templates for productcarousel, productcollection and productlist component * Update forms (#901) * Update Forms Core Components to v1.0.4 Also include examples if user chose to in project creation @review @rismehta * CQ-4331109 Update to forms core components v1.0.6 * Update AEM Analyser Maven Plugin to 1.4.2 (#906) * updated README and VERSIONS for 36 release (#908) Co-authored-by: ddewanji <ddewanji@adobe.com> * Release/36 merge into develop after release step (#909) * [maven-release-plugin] prepare release aem-project-archetype-36 * [maven-release-plugin] prepare for next development iteration Co-authored-by: adobe-bot <Grp-opensourceoffice@adobe.com> * Update the AEMAnalyser update to 1.4.6 (#912) Co-authored-by: Niek Raaijmakers <raaijmak@adobe.com> * Adding updated immutable files gnerated by AEM Dispatcher Tools 2.0.91 (#918) * CIF-2734: update CIF Core Components to 2.8.0 and CIF GQL Client to 1.7.10 (#923) * Update Core Components to v2.19.0 (#926) * Update Core Components to v2.19.0 - update dependency of core components to 2.19.0 - set proxy search component to v2 - set proxy amp image component to v2 fixes #921 * SITES-5185 - Ensure all GraphQL Queries to publisher are using Persistent Queries and not POST requests (#922) * Update aemanalyser-maven-plugin to 1.4.8 (#928) Updating to the latest release to get some improvements and bugfixes. * Load js clientlibs async in customfooterlibs (#934) * CIF-2302 - JS error in console (#935) * load js clientlibs async in customfooterlibs * load js clientlibs async in customfooterlibs * Update aemanalyser plugin to 1.4.10 (#936) We should update to the latest release: https://github.com/adobe/aemanalyser-maven-plugin/releases/tag/aemanalyser-maven-plugin-1.4.10 * CIF-2289 - Create a CIF Page v3 component based on the WCM Page v3 (#933) * update CIF page to v3 * update CIF components to 2.9.0 * CIF-2732 - Teaser: add option to open CTA in a new Tab (#932) * updated commerce teaser proxy to v3 * Adding model.json cache settings to dispatcher (#937) * * adding model.json cache settings to dispatcher * bump of required version of spa.project.core * * adding model.json cache settings to dispatcher * bump of required version of spa.project.core Co-authored-by: Bartosz Borowski <pid63525@adobe.com> * Cq 4343453 (#945) * CQ-4343453 Initial commit for af2 forms component * CQ-4343453 using flag includeFormsheadless for headless forms * CQ-4343453 changes to include includeFormsheadless * CQ-4343453 Renaming * CQ-4343453 include ui.frontend.forms module * CQ-4343453 adding basic af2 template and some minor fixes * CQ-4343453 closing review comments * CQ-4343453 Update Readme * CQ-4343453 Updated package.json with aemforms dependencies, changes in template and templatetypes * CQ-4343453 Added Sample Form Json * CQ-4343453 Added test case * CQ-4343453 template-type editable * CQ-4343453 minor fixes * CQ-4343453 removing unnecessary lines * CQ-4343453 aligning npm packages to new names * CQ-4343453 Review comments * CQ-4343453 build fix * revert 940419a Co-authored-by: barshatr <barshatr@adobe.com> * CQ-4343453 Upgrade forms core components (#947) * CQ-4343453 Upgrade forms core components * CQ-4343453 Update @AEMFORMS artifacts in package.json Co-authored-by: barshatr <barshatr@adobe.com> * CQ-4343453 Update sample form for multiple submit fix (#948) Co-authored-by: barshatr <barshatr@adobe.com> * CQ-4343453 Exclude forms core components if cloud (#949) * CQ-4343453 Exclude forms core components if cloud * CQ-4343453 include sdk api for cloud * CQ-4343453 minor changes Co-authored-by: barshatr <barshatr@adobe.com> * updated README and VERSIONS for 37 release (#944) Co-authored-by: barshatr <barshatr@adobe.com> * CQ-4343453 remove debugger from form.tsx (#950) Co-authored-by: barshatr <barshatr@adobe.com> * [maven-release-plugin] prepare release aem-project-archetype-37 * [maven-release-plugin] prepare for next development iteration * remove extra spaces Co-authored-by: Burkhard Pauli <mail@bpauli.de> Co-authored-by: Mark J. Becker <herzog31@users.noreply.github.com> Co-authored-by: Niek Raaijmakers <niekraaijmakers@gmail.com> Co-authored-by: Niek Raaijmakers <raaijmak@adobe.com> Co-authored-by: Zoran Nikolovski <nikolovs@adobe.com> Co-authored-by: Levente Sántha <levente@adobe.com> Co-authored-by: Daniel Gordon <dgordon@adobe.com> Co-authored-by: Carsten Ziegeler <cziegele@adobe.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andrei Tuicu <andrei.tuicu@gmail.com> Co-authored-by: Andrei Tuicu <tuicu@adobe.com> Co-authored-by: Cezary Czernecki <czarek.czernecki@gmail.com> Co-authored-by: Cezary Czernecki <czerneck@adobe.com> Co-authored-by: Hanish Bansal <38317539+habansal@users.noreply.github.com> Co-authored-by: Dirk Rudolph <drudolph@adobe.com> Co-authored-by: Viresh Gupta <virresh@users.noreply.github.com> Co-authored-by: David Bosschaert <bosschae@adobe.com> Co-authored-by: deepprakash345 <deepprakash345@gmail.com> Co-authored-by: ddewanji <ddewanji@adobe.com> Co-authored-by: adobe-bot <Grp-opensourceoffice@adobe.com> Co-authored-by: Patrick Heinzelmann <patrick.heinzelmann@antegma.com> Co-authored-by: Andreea Miruna Moise <53038821+sandru85@users.noreply.github.com> Co-authored-by: Bartosz Borowski <mail@bborowski.com> Co-authored-by: Bartosz Borowski <pid63525@adobe.com> Co-authored-by: barshatr <barshatr@adobe.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…
Description
Disable POST requests for Graphql persisted queries
Related Issue
SITES-5185
Motivation and Context
Immutable files should not be different between SDK and archetype.
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist: