jaydenseric/apollo-upload-client

"Unexpected end of form" returned when using Apollo Server v4

koborg opened this issue · 4 comments

We recently updated from Apollo Server v2 to Apollo Server v4.
Unfortunately we noticed that the File Upload broke, and the error message upon upload is:
"error","message":"Unexpected end of form","type":"graphql_error"

On our frontend app we are using Apollo Client v3.7.0 and the apollo-upload-client v17.0.0.

Is there something specific that needs to be done so we can use the lib with ASv4?

Perhaps you need to set the option:

{
  headers: {
    'Apollo-Require-Preflight': 'true'
  }
}

See: https://www.apollographql.com/docs/apollo-server/security/cors/#graphql-upload

Don't be put off by the wording like "The graphql-upload package has a known CSRF vulnerability" that Apollo uses in their docs. graphql-upload itself doesn't have a vulnerability, because it doesn't concern itself with authentication/authorization. It's up to project authors to implement that in their servers themselves in a way that makes sense for a given project. It would be equally silly to say "The express package has a known vulnerability" because it doesn't set up authentication by default.
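The header suggested above matters because Apollo Server 4's default CSRF prevention treats `multipart/form-data`, the content type used for uploads, as a request a browser can send cross-origin without a CORS preflight. A simplified model of that check, as an added example (not code from Apollo Server, graphql-upload, or this thread; `checkPreflightRequirement` and the sample requests are constructed for illustration):

```javascript
// Added example: simplified model of a preflight-based CSRF check.
// Content types a browser can send cross-origin WITHOUT a CORS preflight.
const SIMPLE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data', // used by GraphQL multipart uploads
  'text/plain',
]);
// Non-safelisted headers: a browser must preflight before sending them.
const PREFLIGHT_HEADERS = ['x-apollo-operation-name', 'apollo-require-preflight'];

function lowerCaseKeys(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value);
  }
  return out;
}

// Hypothetical helper: decides whether a request proves it was preflighted.
function checkPreflightRequirement(rawHeaders) {
  const headers = lowerCaseKeys(rawHeaders);
  const contentType = headers['content-type'];
  if (contentType !== undefined) {
    // Drop parameters such as "; boundary=..." before comparing.
    const mediaType = contentType.split(';')[0].trim().toLowerCase();
    if (mediaType !== '' && !SIMPLE_CONTENT_TYPES.has(mediaType)) {
      return { allowed: true, reason: `${mediaType} always triggers a preflight` };
    }
  }
  for (const name of PREFLIGHT_HEADERS) {
    if ((headers[name] || '').trim() !== '') {
      return { allowed: true, reason: `${name} header triggers a preflight` };
    }
  }
  return { allowed: false, reason: 'could be a simple cross-origin request' };
}

// Constructed sample requests (header sets only).
const samples = {
  jsonQuery: { 'Content-Type': 'application/json' },
  uploadNoHeader: { 'Content-Type': 'multipart/form-data; boundary=----constructed' },
  uploadWithHeader: {
    'Content-Type': 'multipart/form-data; boundary=----constructed',
    'Apollo-Require-Preflight': 'true',
  },
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label, checkPreflightRequirement(headers));
}
```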

Hi jaydenseric. Thanks for the answer.

We have the preflight header already set. It seems that there's an additional problem in the cooperation between the AS4 and the upload libraries. I will try to debug additionally and will inform here if I find the issue.

You have to install graphql-upload on your GraphQL API server, if you haven't already:

https://github.com/jaydenseric/graphql-upload#installation

Apollo Server doesn't integrate it by default anymore.

Yes, it is installed. Basically we had an absolutely working solution just as it is in the documentation (apollo-client-upload with graphql-upload etc...) until we updated to AS4.
Now whenever we try to upload a file through the FE app, it fails with "Unexpected end of form" on the server.
Interestingly, we don't face this issue when we use the playground (Altair), and the file gets uploaded.
Thank you for your time!