Protected Against HTTP Method Manipulation

Protected Against HTTP Method Manipulation

Risk: secure

Description

The GraphQL API is protected against HTTP method manipulation by enforcing POST-only mutations and rejecting GET-based operations, eliminating risks of sensitive data exposure in URLs.

Recommendation

The implementation is secure, no recommendation apply.

Links

• OWASP GraphQL Security
• RFC 9110 (HTTP Semantics)

Standards

• OWASP_TOP_10:
  • A05_2021