I ran into this issue as well. I figured out that you need to set the MultipartConfig when creating the ServletRegistrationBean in the spring boot starter like below. This requires additional configuration, which would have to be added to the library as properties as well.

@Bean
ServletRegistrationBean<GraphQLServlet> graphQLServletRegistrationBean(GraphQLServlet servlet) {
    ServletRegistrationBean<GraphQLServlet> graphqlServletRegistrationBean = new ServletRegistrationBean<>(servlet, graphQLServletProperties.getServletMapping());
    graphqlServletRegistrationBean.setMultipartConfig(new MultipartConfigElement(""));
    return graphqlServletRegistrationBean;
}

However, with this change you run into the next issue, which is that it starts complaining that the enctype is incorrect. Apparently now it's expecting every request to contain an upload instead of supporting both use cases. That's because GraphQLServlet assumes it's a multipart request instead of actually checking that.

This requires changes in both libraries. I've got it working locally now, I'll add it later.

Update commons-fileupload version due to multiple CVEs #76

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions