From caffcae3be75d7bc2e10dc5c0cfa91280470f8c5 Mon Sep 17 00:00:00 2001
From: Jonathan Ehwald
Date: Wed, 25 Jun 2025 18:57:02 +0200
Subject: [PATCH] feat(audit): graphql-response+json parsing failure handling Relevant section: 6.4.2 application/graphql-response+json https://graphql.github.io/graphql-over-http/draft/#sel-FANNNRCAACENz5F https://graphql.github.io/graphql-over-http/draft/#sel-HANNNXFFCAACCP8kC
---
 src/audits/server.ts | 15 +++++++++++++++
 tests/__snapshots__/audits.test.ts.snap | 4 ++++
 2 files changed, 19 insertions(+)
diff --git a/src/audits/server.ts b/src/audits/server.ts
index d7b4f37..b998745 100644
--- a/src/audits/server.ts
+++ b/src/audits/server.ts
@@ -586,6 +586,21 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] {
 ressert(res).status.toBe(400);
 },
 ),
+ audit(
+ 'B7N8',
+ 'SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json',
+ async () => {
+ const res = await fetchFn(await getUrl(opts.url), {
+ method: 'POST',
+ headers: {
+ 'content-type': 'application/json',
+ accept: 'application/graphql-response+json',
+ },
+ body: '{ "not a JSON',
+ });
+ ressert(res).status.toBe(400);
+ },
+ ),
 audit(
 '8764',
 'MAY use 4xx or 5xx status codes if parameters are invalid',
diff --git a/tests/__snapshots__/audits.test.ts.snap b/tests/__snapshots__/audits.test.ts.snap
index d8e9c5e..750aa05 100644
--- a/tests/__snapshots__/audits.test.ts.snap
+++ b/tests/__snapshots__/audits.test.ts.snap
@@ -194,6 +194,10 @@ exports[`should not change globally unique audit ids 1`] = `
 "id": "BCF8",
 "name": "MAY use 400 status code on JSON parsing failure",
 },
+ {
+ "id": "B7N8",
+ "name": "SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json",
+ },
 {
 "id": "8764",
 "name": "MAY use 4xx or 5xx status codes if parameters are invalid",
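Review bot: The new `B7N8` audit asserts only `ressert(res).status.toBe(400)`, so it cannot tell whether the response was actually negotiated as `application/graphql-response+json`. A server that ignores the `accept` header and answers as `application/json`, where the neighbouring `BCF8` audit treats 400 as only a MAY, would be judged against the stricter SHOULD. Consider asserting the response content type before the status check, if the `ressert` helper supports header assertions, or stating the assumption in a comment such as `// 6.4.2 applies only when the server honours the graphql-response+json accept header`. The id `B7N8` also contains a non-hex character while the ids visible around it (`BCF8`, `8764`) look hexadecimal, so it is worth confirming that it fits the project's id scheme. `serverAudits` starts and ends outside this hunk.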