Restrict UI to only GET requests (#779)

Author: Shane32

src/Ui.Altair/Extensions/AltairApplicationBuilderExtensions.cs

@@ -1,4 +1,5 @@
 using GraphQL.Server.Ui.Altair;
+using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Builder;
 
@@ -22,7 +23,7 @@ public static IApplicationBuilder UseGraphQLAltair(this IApplicationBuilder app,
     public static IApplicationBuilder UseGraphQLAltair(this IApplicationBuilder app, AltairOptions options, string path = "/ui/altair")
     {
         return app.UseWhen(
-           context => context.Request.Path.StartsWithSegments(path, out var remaining) && string.IsNullOrEmpty(remaining),
+           context => HttpMethods.IsGet(context.Request.Method) && context.Request.Path.StartsWithSegments(path, out var remaining) && string.IsNullOrEmpty(remaining),
            b => b.UseMiddleware<AltairMiddleware>(options ?? new AltairOptions()));
     }
 }

src/Ui.Altair/Extensions/AltairEndpointRouteBuilderExtensions.cs

@@ -30,7 +30,7 @@ public static AltairEndpointConventionBuilder MapGraphQLAltair(this IEndpointRou
             throw new ArgumentNullException(nameof(endpoints));
 
         var requestDelegate = endpoints.CreateApplicationBuilder().UseMiddleware<AltairMiddleware>(options ?? new AltairOptions()).Build();
-        return new AltairEndpointConventionBuilder(endpoints.Map(pattern, requestDelegate).WithDisplayName("GraphQL Altair"));
+        return new AltairEndpointConventionBuilder(endpoints.MapGet(pattern, requestDelegate).WithDisplayName("GraphQL Altair"));
     }
 }
 

src/Ui.GraphiQL/Extensions/GraphiQLApplicationBuilderExtensions.cs

@@ -1,4 +1,5 @@
 using GraphQL.Server.Ui.GraphiQL;
+using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Builder;
 
@@ -22,7 +23,7 @@ public static IApplicationBuilder UseGraphQLGraphiQL(this IApplicationBuilder ap
     public static IApplicationBuilder UseGraphQLGraphiQL(this IApplicationBuilder app, GraphiQLOptions options, string path = "/ui/graphiql")
     {
         return app.UseWhen(
-           context => context.Request.Path.StartsWithSegments(path, out var remaining) && string.IsNullOrEmpty(remaining),
+           context => HttpMethods.IsGet(context.Request.Method) && context.Request.Path.StartsWithSegments(path, out var remaining) && string.IsNullOrEmpty(remaining),
            b => b.UseMiddleware<GraphiQLMiddleware>(options ?? new GraphiQLOptions()));
     }
 }

src/Ui.GraphiQL/Extensions/GraphiQLEndpointRouteBuilderExtensions.cs

@@ -30,7 +30,7 @@ public static GraphiQLEndpointConventionBuilder MapGraphQLGraphiQL(this IEndpoin
             throw new ArgumentNullException(nameof(endpoints));
 
         var requestDelegate = endpoints.CreateApplicationBuilder().UseMiddleware<GraphiQLMiddleware>(options ?? new GraphiQLOptions()).Build();
-        return new GraphiQLEndpointConventionBuilder(endpoints.Map(pattern, requestDelegate).WithDisplayName("GraphiQL"));
+        return new GraphiQLEndpointConventionBuilder(endpoints.MapGet(pattern, requestDelegate).WithDisplayName("GraphiQL"));
     }
 }
 

src/Ui.Playground/Extensions/PlaygroundApplicationBuilderExtensions.cs

@@ -1,4 +1,5 @@
 using GraphQL.Server.Ui.Playground;
+using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Builder;
 
@@ -22,7 +23,7 @@ public static IApplicationBuilder UseGraphQLPlayground(this IApplicationBuilder
     public static IApplicationBuilder UseGraphQLPlayground(this IApplicationBuilder app, PlaygroundOptions options, string path = "/ui/playground")
     {
         return app.UseWhen(
-           context => context.Request.Path.StartsWithSegments(path, out var remaining) && string.IsNullOrEmpty(remaining),
+           context => HttpMethods.IsGet(context.Request.Method) && context.Request.Path.StartsWithSegments(path, out var remaining) && string.IsNullOrEmpty(remaining),
            b => b.UseMiddleware<PlaygroundMiddleware>(options ?? new PlaygroundOptions()));
     }
 }

src/Ui.Playground/Extensions/PlaygroundEndpointRouteBuilderExtensions.cs

@@ -30,7 +30,7 @@ public static PlaygroundEndpointConventionBuilder MapGraphQLPlayground(this IEnd
             throw new ArgumentNullException(nameof(endpoints));
 
         var requestDelegate = endpoints.CreateApplicationBuilder().UseMiddleware<PlaygroundMiddleware>(options ?? new PlaygroundOptions()).Build();
-        return new PlaygroundEndpointConventionBuilder(endpoints.Map(pattern, requestDelegate).WithDisplayName("GraphQL Playground"));
+        return new PlaygroundEndpointConventionBuilder(endpoints.MapGet(pattern, requestDelegate).WithDisplayName("GraphQL Playground"));
     }
 }
 

src/Ui.Voyager/Extensions/VoyagerApplicationBuilderExtensions.cs

@@ -1,4 +1,5 @@
 using GraphQL.Server.Ui.Voyager;
+using Microsoft.AspNetCore.Http;
 
 namespace Microsoft.AspNetCore.Builder;
 
@@ -22,7 +23,7 @@ public static IApplicationBuilder UseGraphQLVoyager(this IApplicationBuilder app
     public static IApplicationBuilder UseGraphQLVoyager(this IApplicationBuilder app, VoyagerOptions options, string path = "/ui/voyager")
     {
         return app.UseWhen(
-           context => context.Request.Path.StartsWithSegments(path, out var remaining) && string.IsNullOrEmpty(remaining),
+           context => HttpMethods.IsGet(context.Request.Method) && context.Request.Path.StartsWithSegments(path, out var remaining) && string.IsNullOrEmpty(remaining),
            b => b.UseMiddleware<VoyagerMiddleware>(options ?? new VoyagerOptions()));
     }
 }

src/Ui.Voyager/Extensions/VoyagerEndpointRouteBuilderExtensions.cs

@@ -30,7 +30,7 @@ public static VoyagerEndpointConventionBuilder MapGraphQLVoyager(this IEndpointR
             throw new ArgumentNullException(nameof(endpoints));
 
         var requestDelegate = endpoints.CreateApplicationBuilder().UseMiddleware<VoyagerMiddleware>(options ?? new VoyagerOptions()).Build();
-        return new VoyagerEndpointConventionBuilder(endpoints.Map(pattern, requestDelegate).WithDisplayName("GraphQL Voyager"));
+        return new VoyagerEndpointConventionBuilder(endpoints.MapGet(pattern, requestDelegate).WithDisplayName("GraphQL Voyager"));
     }
 }