fix(graphql) make graphql accept GETs (dotCMS#31396)

wezell · web-flow · commit e198afabfcb4 · 2025-02-17T19:14:14.000Z
This pull request introduces several changes to the `DotGraphQLHttpServlet` class in order to improve the handling of GraphQL requests. The key modifications include adding a new request wrapper class and updating the `doGet` method to enforce the presence of a query id `?qid=abc123` parameter that can be used to enforce uniqueness in the responses. ref: dotCMS#31395
diff --git a/dotCMS/src/main/java/com/dotcms/graphql/DotGraphQLHttpServlet.java b/dotCMS/src/main/java/com/dotcms/graphql/DotGraphQLHttpServlet.java
@@ -11,6 +11,7 @@
 import java.util.HashMap;
 import java.util.List;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 
 public class DotGraphQLHttpServlet extends AbstractGraphQLHttpServlet {
@@ -19,6 +20,21 @@ public class DotGraphQLHttpServlet extends AbstractGraphQLHttpServlet {
 
     private static final String CORS_GRAPHQL = CorsFilter.CORS_PREFIX + ".graphql";
 
+    /**
+     * Wrapper to force the request to be a POST
+     */
+    static class PostRequestWrapper extends HttpServletRequestWrapper {
+        public PostRequestWrapper(HttpServletRequest request) {
+            super(request);
+        }
+
+        @Override
+        public String getMethod() {
+            return "POST";
+        }
+    }
+
+
     @Override
     protected GraphQLConfiguration getConfiguration() {
         return GraphQLConfiguration
@@ -30,7 +46,16 @@ protected GraphQLConfiguration getConfiguration() {
 
     @Override
     protected void doGet(final HttpServletRequest request, final HttpServletResponse response) {
-        handleRequest(request, response);
+
+        if(request.getParameter("qid") == null) {
+            Logger.warn(DotGraphQLHttpServlet.class, "No query id (qid) provided in graphql GET .  This can result in invalid cached data by both browsers and CDNs.  Please provide a distinguishing query id (qid) parameter to execute a graphql query via GET, e.g. /api/v1/graphql?qid=123abc");
+            Try.run(()->response.sendError(500, "No query id (qid) provided.  This can result in invalid cached data by both browsers and CDNs.  Please provide a distinguishing query id (qid) parameter to execute a graphql query via GET, e.g. /api/v1/graphql?qid=123abc"));
+            return;
+        }
+
+        HttpServletRequest wrapper = new PostRequestWrapper(request);
+
+        handleRequest(wrapper, response);
     }
 
     @Override
diff --git a/dotcms-integration/src/test/java/com/dotcms/graphql/DotGraphQLHttpServletTest.java b/dotcms-integration/src/test/java/com/dotcms/graphql/DotGraphQLHttpServletTest.java
@@ -39,7 +39,7 @@ public void testing_cors_headers() {
     public void testing_GETRequestToGraphQLServer_returnResponseWithExpectedHeaders()
             throws ServletException, IOException {
 
-        MockHttpRequestIntegrationTest request = new MockHttpRequestIntegrationTest("localhost", "/");
+        MockHttpRequestIntegrationTest request = new MockHttpRequestIntegrationTest("localhost", "/?qid=123abc");
         MockHeaderResponse response = new MockHeaderResponse(new MockHttpResponse());
         DotGraphQLHttpServlet graphQLHttpServlet = new DotGraphQLHttpServlet();
         graphQLHttpServlet.init(null);
