Select return content type based on Accept header

[Shane32]

No description provided.

[Shane32]

@sungam3r It seems that there may be many applications which require application/json as the content-type rather than application/graphql-response+json. As such, I'm considering this a critical bug and will be releasing 7.1 with this fix shortly if you have no comments. I would really appreciate comments on the implementation - see issue #917 .

[jeffw-wherethebitsroam]

The problem here is that if you only have a single misbehaving client, then you would need to subclass the GraphQLHttpMiddleware and recreate the logic above with a different fall-back. It would still be really good to be able to just override the default response content type.

[Shane32]

I agree.

[codecov-commenter]

Codecov Report

Merging #919 (e01c2fa) into master (d80414d) will decrease coverage by 0.08%.
The diff coverage is 93.47%.

@@            Coverage Diff             @@
##           master     #919      +/-   ##
==========================================
- Coverage   95.18%   95.09%   -0.09%     
==========================================
  Files          42       42              
  Lines        1992     2078      +86     
  Branches      336      358      +22     
==========================================
+ Hits         1896     1976      +80     
- Misses         55       59       +4     
- Partials       41       43       +2     

Impacted Files	Coverage Δ
src/Transports.AspNetCore/GraphQLHttpMiddleware.cs	95.13% <93.40%> (-0.50%)	⬇️
...nsports.AspNetCore/GraphQLHttpMiddlewareOptions.cs	100.00% <100.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[Shane32]

@jeffw-wherethebitsroam Want to review these changes for me? I think I have the logic figured out, but just wondering if perhaps the MediaTypeHeaderValue type would be better than string for the option, considering the comparison logic now included here.

@sungam3r I would appreciate your comments, but have not heard from you in the last week. I will wait another 24 hours for a review before merging these changes and releasing 7.1. Thanks!

General logic this PR now has:

1. Loops through each media type listed in the Accept header
2. Prioritizes so that specific media types are given priority, whereas wildcard media types are given the least priority
3. For each type listed:
   a. Checks if it matches the default content type. Includes matching on charset. So a request of application/json will match on a default content type of application/json; charset=utf-8.
   b. Checks if it matches application/graphql+response+json; charset=utf-8.
   c. Checks if it matches application/json; charset=utf-8.
   d. Checks if it matches the deprecated application/graphql+json; charset=utf-8.
4. The first match found is returned; if no matches are found, the default content type is returned.

This means that by default, these responses are given:

Accept request header	Content-Type response header
(none)	application/graphql-response+json; charset=utf-8
*/*	application/graphql-response+json; charset=utf-8
application/*	application/graphql-response+json; charset=utf-8
application/*+json	application/graphql-response+json; charset=utf-8
application/graphql-response+json	application/graphql-response+json; charset=utf-8
application/graphql+json	application/graphql+json; charset=utf-8
application/json	application/json; charset=utf-8
*/*, application/json	application/json; charset=utf-8

By changing the default to application/json, the prior default, then you get these results:

Accept request header	Content-Type response header
(none)	application/json
*/*	application/json
application/*	application/json
application/*+json	application/graphql-response+json; charset=utf-8
application/graphql-response+json	application/graphql-response+json; charset=utf-8
application/graphql+json	application/graphql+json; charset=utf-8
application/json	application/json
*/*, application/json	application/json

Since 7.0 is only a couple weeks old, the migration document was modified to reflect changes from 6.x to 7.1.

[jeffw-wherethebitsroam]

Hi @Shane32. Busy weekend, so didn't get a chance to look before now, but it looks good to me.

[bithavoc]

Thanks so much, this fixed an issue while trying to consume from graphql-request where it always expects application/json

[sungam3r]

wooooooow

[Shane32]

You know I like my [Theory]s...

[sungam3r]

I think thre should be test for "application/pdf" accept header when server returns error. From https://datatracker.ietf.org/doc/html/rfc7231#section-5.3.2:

[Shane32]

According to the draft spec (as of today; it's a moving target!):

In alignment with the HTTP 1.1 Accept specification, when a client does not include at least one supported media type in the Accept HTTP header, the server MUST either:

• Disregard the Accept header and respond with the default media type of application/json, specifying this in the Content-Type header; OR
• Respond with a 406 Not Acceptable status code and stop processing the request.

I elected the first option. I would agree that the latter would be better, but I was thinking this change would come in 8.0, as it would involve processing the header earlier in the flow and so would change the design of the middleware.

We could also support additional character encodings; we do so for requests -- why not responses also? I have no urgency to do so; you're the only one I know of that mentioned using charsets besides utf-8 -- just an idea.

[Shane32]

Note: as it relates to RFC 7231, we are in compliance now -- see where it says "or disregard the header field...". Again, I like better the use of status code 406, but probably implement it in version 8, reconfiguring the middleware to perform content type negotiation prior to execution of the GraphQL request.

[sungam3r]

agree

[sungam3r]

#932

[sungam3r]

Regarding encodings - spec become rather stric about encoding:

MUST is strong requirement )

[Shane32]

graphql/graphql-over-http#229

[sungam3r]

I read it several times and this comment still seems strange to me. I don't understand the meaning of matches.

[sungam3r]

I mean in generally I understand what you want to say but from the point of view of some "external" developer it may look strange.

[Shane32]

I do the best I can. Sometimes I'm tongue tied. Here it seemed to make sense to me, but I get it. Feel free to suggest an improvement.

[sungam3r]

Techically, it is not deprecated. It just does not exist anymore since they removed it from draft spec.

[sungam3r]

Why alias?

[Shane32]

There are two different MediaTypeHeaderValue classes both within scope (if I recall correctly).

[sungam3r]

Hmm, what if client specified "application/pdf" or "application/some_unknown_mime" in accept header?

From https://datatracker.ietf.org/doc/html/rfc7231#section-5.3.2

A request without any Accept header field implies that the user agent
will accept any media type in response. If the header field is
present in a request and none of the available representations for
the response have a media type that is listed as acceptable, the
origin server can either honor the header field by sending a 406 (Not
Acceptable) response or disregard the header field by treating the
response as if it is not subject to content negotiation.

Do you want to go with second option?

[Shane32]

That’s the case now (merged in this PR). Please read my response to your comments on this earlier today. TLDR: maybe update in v8 to reject with 406

[sungam3r]

public override string ToString()
        {
            StringBuilder stringBuilder = new StringBuilder();
            stringBuilder.Append(_mediaType);
            NameValueHeaderValue.ToString(_parameters, ';', leadingSeparator: true, stringBuilder);
            return stringBuilder.ToString();
        }

😕 called each time

[sungam3r]

Reviewed. LGTM. I left some comments and posted #931