Comparing changes

base repository: apollographql/apollo-server
base: apollo-server@2.25.3
...
head repository: apollographql/apollo-server
compare: apollo-server@2.25.4
  • 6 commits
  • 70 files changed
  • 4 contributors

Commits on Mar 9, 2022

  1. docs: fix error on custom directives page (#6183)

    In the `Example: Uppercasing strings` section, the top defines the directive as `uppercase`, but the ApolloServer definition uses `upper`,
    so I changed the bottom one to make it work correctly.
    RayLin9981 authored Mar 9, 2022
    41671ec

Commits on Mar 15, 2022

  1. Updates for new docs infra (v2) (#6210)

    * Prepare v2 server docs for new infra
    
    * Update code fences
    
    * Use a relative link
    
    * Add algolia filters
    trevorblades authored Mar 15, 2022
    628fbb7
  2. Remove files from old Gatsby docs theme (v2) (#6216)

    * Remove files from old Gatsby docs theme
    
    * Remove v2 docs static/_redirects
    
    * Remove netlify.toml
    
    * Update README.md
    jgarrow authored Mar 15, 2022
    c98507e

Commits on May 25, 2022

  1. Disable graphql-upload integration when it is not used (#6476)

    By default, we run the graphql-upload middleware on all requests. This
    middleware is vulnerable to mutation CSRF attacks because it parses POST
    requests with `content-type: multipart/form-data`, which can happen in a
    non-preflighted browser request. (Without graphql-upload, Apollo Server
    won't process any mutations in non-preflighted requests, because
    mutations must be in POST requests and normally that requires
    `content-type: application/json` which must be preflighted.)
    
    In order to safely use graphql-upload, you should upgrade to Apollo
    Server v3.7 and use its new CSRF prevention feature. Because Apollo
    Server 2 is not under active development we do not intend to backport
    the full CSRF prevention feature to AS2.
    
    However, we at least want to protect the users of Apollo Server 2 who
    *don't* actually need graphql-upload to be enabled (which is probably
    most of them). This PR changes the default behavior of Apollo Server 2
    when no `uploads` parameter is passed. Instead of always executing the
    graphql-upload middleware in this case, we only execute it if the
    `Upload` scalar (which may be added automatically to the schema by AS
    itself or may be provided by the user) is referenced somewhere in the
    schema other than its own definition. This should be roughly
    backwards-compatible; it only breaks the ability to use a
    `graphql-upload`-based client with Apollo Servers that don't accept
    uploads.
    
    We also print a warning when uploads are enabled encouraging upgrades.
    
    Part of GHSA-2p3c-p3qw-69r4
    glasser authored May 25, 2022
    82d4498
  2. 54879d0
  3. Release

     - apollo-server-azure-functions@2.25.4
     - apollo-server-cloud-functions@2.25.4
     - apollo-server-cloudflare@2.25.4
     - apollo-server-core@2.25.4
     - apollo-server-express@2.25.4
     - apollo-server-fastify@2.25.4
     - apollo-server-hapi@2.25.4
     - apollo-server-integration-testsuite@2.25.4
     - apollo-server-koa@2.25.4
     - apollo-server-lambda@2.25.4
     - apollo-server-micro@2.25.4
     - apollo-server-testing@2.25.4
     - apollo-server@2.25.4
    glasser committed May 25, 2022
    ae444b2
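
The mechanism described in the #6476 commit message above, as an added example (not Apollo Server code and not part of these commits): a simplified model of which POST content types a browser sends cross-origin without a CORS preflight, and which of those the server parses with the graphql-upload middleware on or off. All function names are hypothetical, and only the `Content-Type` part of the preflight rule is modelled.

```javascript
// Added illustration; a simplified model, not Apollo Server code.
// Content types a browser may send cross-origin without a CORS preflight.
const NO_PREFLIGHT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// Strip parameters such as "; boundary=..." and normalise case.
function mediaType(contentType) {
  return String(contentType || '').split(';')[0].trim().toLowerCase();
}

// True when a cross-origin POST with this Content-Type triggers a preflight,
// which is where the server's CORS policy can refuse the origin.
function isPreflighted(contentType) {
  return !NO_PREFLIGHT_TYPES.has(mediaType(contentType));
}

// Which POST bodies the server parses as GraphQL operations.
// uploadsActive: whether the graphql-upload middleware runs on requests.
function parsesBody(contentType, uploadsActive) {
  const type = mediaType(contentType);
  if (type === 'application/json') return true;
  return uploadsActive && type === 'multipart/form-data';
}

// A mutation is exposed to CSRF when the server parses a body that the
// browser is willing to send without a preflight.
function csrfExposed(contentType, uploadsActive) {
  return parsesBody(contentType, uploadsActive) && !isPreflighted(contentType);
}

// Constructed sample Content-Type header values.
const samples = [
  'application/json',
  'Multipart/Form-Data; boundary=----constructed',
  'text/plain',
];

function report(uploadsActive) {
  return samples.map((ct) => ({
    contentType: mediaType(ct),
    exposed: csrfExposed(ct, uploadsActive),
  }));
}

console.log('middleware on for every request:', report(true));
console.log('middleware off (schema never uses Upload):', report(false));
```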
Showing with 342 additions and 21,252 deletions.
  1. +1 −1 .circleci/config.yml
  2. +1 −1 .nvmrc
  3. +3 −0 CHANGELOG.md
  4. +0 −10 docs/.gitignore
  5. +0 −1 docs/.nvmrc
  6. +2 −22 docs/README.md
  7. +0 −86 docs/gatsby-config.js
  8. +0 −20,913 docs/package-lock.json
  9. +0 −18 docs/package.json
  10. +6 −5 docs/source/api/apollo-server.md
  11. +1 −2 docs/source/api/graphql-tools.md
  12. +0 −1 docs/source/api/plugin/inline-trace.md
  13. +0 −1 docs/source/api/plugin/schema-reporting.md
  14. +0 −1 docs/source/api/plugin/usage-reporting.md
  15. +75 −0 docs/source/config.json
  16. +4 −8 docs/source/data/data-sources.mdx
  17. +7 −9 docs/source/data/errors.mdx
  18. +3 −1 docs/source/data/file-uploads.md
  19. +4 −8 docs/source/data/resolvers.mdx
  20. +4 −6 docs/source/data/subscriptions.mdx
  21. +0 −1 docs/source/deployment/azure-functions.md
  22. +4 −9 docs/source/deployment/gcp-functions.mdx
  23. +0 −1 docs/source/deployment/heroku.md
  24. +0 −1 docs/source/deployment/index.md
  25. +0 −1 docs/source/deployment/lambda.md
  26. +0 −1 docs/source/deployment/netlify.md
  27. +7 −12 docs/source/getting-started.mdx
  28. +1 −3 docs/source/index.mdx
  29. +2 −2 docs/source/installing-graphql-tools.md
  30. +0 −1 docs/source/integrations/middleware.md
  31. +4 −4 docs/source/integrations/plugins.md
  32. +2 −2 docs/source/migration-two-dot.md
  33. +2 −2 docs/source/monitoring/health-checks.md
  34. +1 −1 docs/source/monitoring/metrics.md
  35. +2 −2 docs/source/performance/apq.md
  36. +5 −6 docs/source/performance/caching.md
  37. +1 −1 docs/source/proxy-configuration.md
  38. +6 −8 docs/source/schema/creating-directives.mdx
  39. +2 −2 docs/source/schema/custom-scalars.md
  40. +3 −4 docs/source/schema/directives.md
  41. +1 −1 docs/source/schema/schema.md
  42. +2 −2 docs/source/schema/unions-interfaces.md
  43. +0 −1 docs/source/security/authentication.md
  44. +1 −1 docs/source/security/terminating-ssl.md
  45. +6 −9 docs/source/testing/graphql-playground.mdx
  46. +1 −1 docs/source/testing/mocking.md
  47. +2 −2 docs/source/why-apollo-server.md
  48. +0 −54 docs/static/_redirects
  49. +0 −5 netlify.toml
  50. +1 −1 packages/apollo-server-azure-functions/package.json
  51. +1 −1 packages/apollo-server-cloud-functions/package.json
  52. +1 −1 packages/apollo-server-cloudflare/package.json
  53. +1 −1 packages/apollo-server-core/package.json
  54. +66 −1 packages/apollo-server-core/src/ApolloServer.ts
  55. +1 −1 packages/apollo-server-express/package.json
  56. +1 −0 packages/apollo-server-express/src/ApolloServer.ts
  57. +91 −0 packages/apollo-server-express/src/__tests__/ApolloServer.test.ts
  58. +1 −1 packages/apollo-server-fastify/package.json
  59. +1 −0 packages/apollo-server-fastify/src/ApolloServer.ts
  60. +1 −1 packages/apollo-server-hapi/package.json
  61. +1 −1 packages/apollo-server-hapi/src/ApolloServer.ts
  62. +1 −1 packages/apollo-server-integration-testsuite/package.json
  63. +1 −1 packages/apollo-server-koa/package.json
  64. +1 −1 packages/apollo-server-koa/src/ApolloServer.ts
  65. +1 −1 packages/apollo-server-lambda/package.json
  66. +1 −1 packages/apollo-server-lambda/src/ApolloServer.ts
  67. +1 −1 packages/apollo-server-micro/package.json
  68. +1 −1 packages/apollo-server-micro/src/ApolloServer.ts
  69. +1 −1 packages/apollo-server-testing/package.json
  70. +1 −1 packages/apollo-server/package.json
2 changes: 1 addition & 1 deletion .circleci/config.yml
@@ -6,7 +6,7 @@ orbs:
# `oss` is a local reference to the package. The source for Apollo Orbs can
# be found at http://github.com/apollographql/CircleCI-Orbs/.
# We could use Renovate to bump this version via PR, but that's not setup now.
oss: apollo/oss-ci-cd-tooling@0.0.19
oss: apollo/oss-ci-cd-tooling@0.0.20

commands:
# These are the steps used for each version of Node which we're testing
2 changes: 1 addition & 1 deletion .nvmrc
@@ -1 +1 @@
v14
v12
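Review bot: `.nvmrc` replaces `v14` with `v12`, and no commit message in this range says why the pinned Node version goes down. Record the reason in the commit message or `CHANGELOG.md`, and check that `v12` matches the Node versions the CircleCI jobs test, so the downgrade is visibly deliberate.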
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -11,6 +11,9 @@ The version headers in this history reflect the versions of Apollo Server itself

> The changes noted within this `vNEXT` section have not been released yet. New PRs and commits which introduce changes should include an entry in this `vNEXT` section as part of their development. With few exceptions, the format of the entry should follow convention (i.e., prefix with package name, use markdown `backtick formatting` for package names and code, suffix with a link to the change-set à la `[PR #YYY](https://link/pull/YYY)`, etc.). When a release is being prepared, a new header will be (manually) created below and the appropriate changes within that release will be moved into the new section.
## v2.25.4

- ⚠️ **SECURITY**: If your server does not explicitly enable `graphql-upload` support via the `uploads` option to `new ApolloServer` and your schema does not use the `Upload` scalar (other than in its own definition), Apollo Server will not process the `multipart/form-data` requests sent by `graphql-upload` clients. This fixes a Cross-Site Request Forgery (CSRF) vulnerability where origins could cause browsers to execute mutations using a user's cookies even when those origins are not allowed by your CORS policy. If you *do* use uploads in your server, the vulnerability still exists with this version; you should instead upgrade to Apollo Server v3.7 and enable the CSRF prevention feature. (The AS3.7 CSRF prevention feature also protects against other forms of CSRF such as timing attacks against read-only query operations.) See [advisory GHSA-2p3c-p3qw-69r4](https://github.com/apollographql/apollo-server/security/advisories/GHSA-2p3c-p3qw-69r4) for more details.

## v2.25.3
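Review bot: the `v2.25.4` entry says "This fixes a Cross-Site Request Forgery (CSRF) vulnerability" before it reaches the sentence stating that servers which do use uploads remain vulnerable. Lead with who is still affected and the upgrade to Apollo Server v3.7, so the limitation is not missed in a skim. The entry also links the advisory but not the change-set, which the `vNEXT` guidance in the context line above asks for; add a link to PR #6476.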

10 changes: 0 additions & 10 deletions docs/.gitignore

This file was deleted.

1 change: 0 additions & 1 deletion docs/.nvmrc

This file was deleted.

24 changes: 2 additions & 22 deletions docs/README.md
@@ -4,26 +4,6 @@ This is the documentation **source** for this repository.

The **deployed** version of the documentation for this repository is available at:

* https://www.apollographql.com/docs/apollo-server/
* https://www.apollographql.com/docs/apollo-server/v2

## Documentation for the documentation

This `README.md` is intentionally short since the [documentation for the documentation](https://docs-docs.netlify.com/docs/docs/) provides details for the documentation framework _itself_. Additional information should generally be added to that documentation rather than here in this `README.md`, in order to provide a centralized resource that benefits all documentation deployments.

## Running locally

For more information, consult the documentation for the documentation, referenced above.

In general though:

* `npm install` in this directory
* `npm start` in this directory
* Open a browser to the link provided in the console.

> **Important note:** Changes to the markdown source does not result in an automatic "hot reload" in the browser; it is necessary to reload the page manually in the browser to see it re-rendered. Additionally, changes to `_config.yml` require stopping the server and restarting with `npm start` again.
## Deploy previews

Documentation repositories should be setup with a "deploy preview" feature which automatically provides "preview" links in the _status checks_ section of pull-requests.

In the event that it's not possible to run the documentation locally, pushing changes to the branch for a pull-request can be a suitable alternative that ensures changes to the documentation are properly rendered.
See the [docs site README](https://github.com/apollographql/docs) for local installation and development.
86 changes: 0 additions & 86 deletions docs/gatsby-config.js

This file was deleted.
