graphql-python/graphene-django
1
1
Fork 0
mirror of https://github.com/graphql-python/graphene-django.git synced 2024-11-22 01:27:01 +03:00
Code Issues Packages Projects Releases Wiki Activity

GraphiQL cleanup (#1002)

Browse Source 
* Add integrity checks for GraphiQL CDN resources

Also fixes an erroneous assignment preventing a setting from getting to
the UI.

* Pass SRIs and new versions to the template

* Update hashes

* Use SRI-stable artifacts for GraphiQL resources
This commit is contained in:
Eric Abruzzese 2020-07-12 15:48:12 -04:00 committed by GitHub
parent 6aa6aaaa8c
commit 057b491176
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 84 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
graphene_django/static/graphene_django/graphiql.js
View File

@ -1,43 +1,55 @@
(function ( (function (
document, document,
GRAPHENE_SETTINGS, GRAPHENE_SETTINGS,
GraphiQL, GraphiQL,
React, React,
ReactDOM, ReactDOM,
SubscriptionsTransportWs, SubscriptionsTransportWs,
fetch,
history, history,
location, location,
) { ) {
// Parse the cookie value for a CSRF token // Parse the cookie value for a CSRF token
var csrftoken; var csrftoken;
var cookies = ('; ' + document.cookie).split('; csrftoken='); var cookies = ("; " + document.cookie).split("; csrftoken=");
if (cookies.length == 2) { if (cookies.length == 2) {
csrftoken = cookies.pop().split(';').shift(); csrftoken = cookies.pop().split(";").shift();
} else { } else {
csrftoken = document.querySelector("[name=csrfmiddlewaretoken]").value; csrftoken = document.querySelector("[name=csrfmiddlewaretoken]").value;
} }
// Collect the URL parameters // Collect the URL parameters
var parameters = {}; var parameters = {};
location.hash.substr(1).split('&').forEach(function (entry) { location.hash
var eq = entry.indexOf('='); .substr(1)
if (eq >= 0) { .split("&")
parameters[decodeURIComponent(entry.slice(0, eq))] = .forEach(function (entry) {
decodeURIComponent(entry.slice(eq + 1)); var eq = entry.indexOf("=");
} if (eq >= 0) {
}); parameters[decodeURIComponent(entry.slice(0, eq))] = decodeURIComponent(
entry.slice(eq + 1),
);
}
});
// Produce a Location fragment string from a parameter object. // Produce a Location fragment string from a parameter object.
function locationQuery(params) { function locationQuery(params) {
return '#' + Object.keys(params).map(function (key) { return (
return encodeURIComponent(key) + '=' + "#" +
encodeURIComponent(params[key]); Object.keys(params)
}).join('&'); .map(function (key) {
return (
encodeURIComponent(key) + "=" + encodeURIComponent(params[key])
);
})
.join("&")
);
} }
// Derive a fetch URL from the current URL, sans the GraphQL parameters. // Derive a fetch URL from the current URL, sans the GraphQL parameters.
var graphqlParamNames = { var graphqlParamNames = {
query: true, query: true,
variables: true, variables: true,
operationName: true operationName: true,
}; };
var otherParams = {}; var otherParams = {};
for (var k in parameters) { for (var k in parameters) {
@ -51,26 +63,28 @@
// Defines a GraphQL fetcher using the fetch API. // Defines a GraphQL fetcher using the fetch API.
function httpClient(graphQLParams) { function httpClient(graphQLParams) {
var headers = { var headers = {
'Accept': 'application/json', Accept: "application/json",
'Content-Type': 'application/json' "Content-Type": "application/json",
}; };
if (csrftoken) { if (csrftoken) {
headers['X-CSRFToken'] = csrftoken; headers["X-CSRFToken"] = csrftoken;
} }
return fetch(fetchURL, { return fetch(fetchURL, {
method: 'post', method: "post",
headers: headers, headers: headers,
body: JSON.stringify(graphQLParams), body: JSON.stringify(graphQLParams),
credentials: 'include', credentials: "include",
}).then(function (response) { })
return response.text(); .then(function (response) {
}).then(function (responseBody) { return response.text();
try { })
return JSON.parse(responseBody); .then(function (responseBody) {
} catch (error) { try {
return responseBody; return JSON.parse(responseBody);
} } catch (error) {
}); return responseBody;
}
});
} }
// Derive the subscription URL. If the SUBSCRIPTION_URL setting is specified, uses that value. Otherwise // Derive the subscription URL. If the SUBSCRIPTION_URL setting is specified, uses that value. Otherwise
@ -157,7 +171,7 @@
onEditVariables: onEditVariables, onEditVariables: onEditVariables,
onEditOperationName: onEditOperationName, onEditOperationName: onEditOperationName,
query: parameters.query, query: parameters.query,
} };
if (parameters.variables) { if (parameters.variables) {
options.variables = parameters.variables; options.variables = parameters.variables;
} }
@ -167,15 +181,17 @@
// Render <GraphiQL /> into the body. // Render <GraphiQL /> into the body.
ReactDOM.render( ReactDOM.render(
React.createElement(GraphiQL, options), React.createElement(GraphiQL, options),
document.getElementById("editor") document.getElementById("editor"),
); );
})( })(
document, document,
window.GRAPHENE_SETTINGS, window.GRAPHENE_SETTINGS,
window.GraphiQL, window.GraphiQL,
window.React, window.React,
window.ReactDOM, window.ReactDOM,
window.SubscriptionsTransportWs, window.SubscriptionsTransportWs,
window.fetch,
window.history, window.history,
window.location, window.location,
); );

11
graphene_django/templates/graphene/graphiql.html
View File

@ -17,19 +17,24 @@ add "&raw" to the end of the URL within a browser.
width: 100%; width: 100%;
} }
</style> </style>
<link href="https://cdn.jsdelivr.net/npm/graphiql@{{graphiql_version}}/graphiql.css" <link href="https://cdn.jsdelivr.net/npm/graphiql@{{graphiql_version}}/graphiql.min.css"
integrity="{{graphiql_css_sri}}"
rel="stylesheet" rel="stylesheet"
crossorigin="anonymous" /> crossorigin="anonymous" />
<script src="https://cdn.jsdelivr.net/npm/whatwg-fetch@2.0.3/fetch.min.js" <script src="https://cdn.jsdelivr.net/npm/whatwg-fetch@{{whatwg_fetch_version}}/dist/fetch.umd.js"
integrity="sha384-dcF7KoWRaRpjcNbVPUFgatYgAijf8DqW6NWuqLdfB5Sb4Cdbb8iHX7bHsl9YhpKa" integrity="{{whatwg_fetch_sri}}"
crossorigin="anonymous"></script> crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/react@{{react_version}}/umd/react.production.min.js" <script src="https://cdn.jsdelivr.net/npm/react@{{react_version}}/umd/react.production.min.js"
integrity="{{react_sri}}"
crossorigin="anonymous"></script> crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/react-dom@{{react_version}}/umd/react-dom.production.min.js" <script src="https://cdn.jsdelivr.net/npm/react-dom@{{react_version}}/umd/react-dom.production.min.js"
integrity="{{react_dom_sri}}"
crossorigin="anonymous"></script> crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/graphiql@{{graphiql_version}}/graphiql.min.js" <script src="https://cdn.jsdelivr.net/npm/graphiql@{{graphiql_version}}/graphiql.min.js"
integrity="{{graphiql_sri}}"
crossorigin="anonymous"></script> crossorigin="anonymous"></script>
<script src="https://cdn.jsdelivr.net/npm/subscriptions-transport-ws@{{subscriptions_transport_ws_version}}/browser/client.js" <script src="https://cdn.jsdelivr.net/npm/subscriptions-transport-ws@{{subscriptions_transport_ws_version}}/browser/client.js"
integrity="{{subscriptions_transport_ws_sri}}"
crossorigin="anonymous"></script> crossorigin="anonymous"></script>
</head> </head>
<body> <body>

34
graphene_django/views.py
View File

@ -52,10 +52,27 @@ def instantiate_middleware(middlewares):
class GraphQLView(View): class GraphQLView(View):
graphiql_version = "1.0.3"
graphiql_template = "graphene/graphiql.html" graphiql_template = "graphene/graphiql.html"
# Polyfill for window.fetch.
whatwg_fetch_version = "3.2.0"
whatwg_fetch_sri = "sha256-l6HCB9TT2v89oWbDdo2Z3j+PSVypKNLA/nqfzSbM8mo="
# React and ReactDOM.
react_version = "16.13.1" react_version = "16.13.1"
subscriptions_transport_ws_version = "0.9.16" react_sri = "sha256-yUhvEmYVhZ/GGshIQKArLvySDSh6cdmdcIx0spR3UP4="
react_dom_sri = "sha256-vFt3l+illeNlwThbDUdoPTqF81M8WNSZZZt3HEjsbSU="
# The GraphiQL React app.
graphiql_version = "1.0.3"
graphiql_sri = "sha256-VR4buIDY9ZXSyCNFHFNik6uSe0MhigCzgN4u7moCOTk="
graphiql_css_sri = "sha256-LwqxjyZgqXDYbpxQJ5zLQeNcf7WVNSJ+r8yp2rnWE/E="
# The websocket transport library for subscriptions.
subscriptions_transport_ws_version = "0.9.17"
subscriptions_transport_ws_sri = (
"sha256-kCDzver8iRaIQ/SVlfrIwxaBQ/avXf9GQFJRLlErBnk="
)
schema = None schema = None
graphiql = False graphiql = False
@ -101,7 +118,7 @@ class GraphQLView(View):
self.batch = self.batch or batch self.batch = self.batch or batch
self.backend = backend self.backend = backend
if subscription_path is None: if subscription_path is None:
subscription_path = graphene_settings.SUBSCRIPTION_PATH self.subscription_path = graphene_settings.SUBSCRIPTION_PATH
assert isinstance( assert isinstance(
self.schema, GraphQLSchema self.schema, GraphQLSchema
@ -137,9 +154,18 @@ class GraphQLView(View):
if show_graphiql: if show_graphiql:
return self.render_graphiql( return self.render_graphiql(
request, request,
graphiql_version=self.graphiql_version, # Dependency parameters.
whatwg_fetch_version=self.whatwg_fetch_version,
whatwg_fetch_sri=self.whatwg_fetch_sri,
react_version=self.react_version, react_version=self.react_version,
react_sri=self.react_sri,
react_dom_sri=self.react_dom_sri,
graphiql_version=self.graphiql_version,
graphiql_sri=self.graphiql_sri,
graphiql_css_sri=self.graphiql_css_sri,
subscriptions_transport_ws_version=self.subscriptions_transport_ws_version, subscriptions_transport_ws_version=self.subscriptions_transport_ws_version,
subscriptions_transport_ws_sri=self.subscriptions_transport_ws_sri,
# The SUBSCRIPTION_PATH setting.
subscription_path=self.subscription_path, subscription_path=self.subscription_path,
) )