Accept requests where `query` is a parsed AST representation
spawnia opened this issue · 4 comments
I have recently come to know that certain GraphQL tooling - apparently apollo and weaver proxies and gateways - send parsed representations of GraphQL operations instead of strings. Some servers do support this, see webonyx/graphql-php#279 for context.
Can and should we standardize this?
First of all, we would need a canonical specification of the AST format. As far as I can tell, the AST representation of a GraphQL document is not standardized in the GraphQL specification.
Next, I think this feature should most likely be optional - meaning servers can choose to support it, but are not required to do so. Clients must not expect this to work by default - but can it discover if a server supports it?
We should not allow it in the standardized format(s):
- AST is not standardized, as you note
- it inflates the payload size
- it provided a much more significant attack surface
However, if someone wants to use something like a binary representation of the query and it's more efficient to do so with an AST analogue then we should not specifically forbid it for their own media types/serialization formats. It is then up to them to handle those complexities.
In #175 I was careful to state that the JSON encoding use the string representation, but in general we just need to represent the document somehow.
@spawnia Can you clarify where Apollo products do this? The closest thing I can think of is that Apollo Server explicitly tries to detect whether this has happened in order to reject it with a clear error message. If other Apollo products do this, I suspect that's a bug.
I see that the issue you have linked says basically what you said, four years ago. I would be pretty surprised to learn that this is accurate today.
This issue was completely based on hearsay. Closing until I hear of a concrete case where this is actually used. Thanks for the feedback.