Skip to content

Commit

Permalink
Don't parse empty extensions or variables as JSON (#3501)
Browse files Browse the repository at this point in the history 
* Update runHttpQuery.ts

If variables is an empty string than JSON.parse(variables) will throw an error.

* If extension is an empty string than JSON.parse will give an error

* re-writing the conditions in a logical order

* Remove guarding of pre-`typeof` check, where `typeof` is sufficient.

Using `typeof` on its own with a specific type desire is enough to guarantee
that the symbol is what it's expected to be.

* Add CHANGELOG.md for #3501.
  • Loading branch information
@namanmukund @abernix
namanmukund authored and abernix committed Nov 13, 2019
1 parent bf247fd commit 2728b9b
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ The version headers in this history reflect the versions of Apollo Server itself

> The changes noted within this `vNEXT` section have not been released yet. New PRs and commits which introduce changes should include an entry in this `vNEXT` section as part of their development. When a release is being prepared, a new header will be (manually) created below and the the appropriate changes within that release will be moved into the new section.
- `apollo-server-core`: Don't try parsing `variables` and `extensions` as JSON if they are defined but empty strings. [PR #3501](https://github.com/apollographql/apollo-server/pull/3501)

### v2.9.8

> [See complete versioning details.](https://github.com/apollographql/apollo-server/commit/3cdde1b7a71ace6411fbacf82a1a61bf737444a6)
Expand Down
4 changes: 2 additions & 2 deletions packages/apollo-server-core/src/runHttpQuery.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -366,7 +366,7 @@ function parseGraphQLRequest(
let queryString: string | undefined = requestParams.query;
let extensions = requestParams.extensions;

if (typeof extensions === 'string') {
if (typeof extensions === 'string' && extensions !== '') {
// For GET requests, we have to JSON-parse extensions. (For POST
// requests they get parsed as part of parsing the larger body they're
// inside.)
Expand Down Expand Up @@ -397,7 +397,7 @@ function parseGraphQLRequest(
const operationName = requestParams.operationName;

let variables = requestParams.variables;
if (typeof variables === 'string') {
if (typeof variables === 'string' && variables !== '') {
try {
// XXX Really we should only do this for GET requests, but for
// compatibility reasons we'll keep doing this at least for now for
Expand Down

0 comments on commit 2728b9b

Please sign in to comment.