[PaaS only]{class="badge informative" title="Applies to Adobe Commerce on Cloud projects (Adobe-managed PaaS infrastructure) and on-premises projects only."}

ACSD-68925: GraphQL responses now follow HTTP specs, returning 4XX for unparseable, unauthorized, or invalid requests

This patch ensures that GraphQL now returns appropriate HTTP status codes when requests are unparseable, unauthorized, or otherwise invalid. This patch is available when the Quality Patches Tool (QPT) 1.1.75 is installed. The patch ID is ACSD-68925. Please note that this issue is scheduled to be fixed in Adobe Commerce 2.4.9.

Affected products and versions

The patch is created for Adobe Commerce version:

Compatible with Adobe Commerce versions:

Issue

Previously, invalid GraphQL requests generated internal server errors, instead of the correct 4XX responses defined by the GraphQL over HTTP specification.

Steps to reproduce:

Send GraphQL request with an unknown/incorrect filter name.

  {
    cmsBlocks(identifiers: ["home"]) {
    items {
      title
      }
    }
  }

Expected results:

A 4XX response code is returned when it’s impossible to parse the request, the request is not authorized, or there is another general problem with the request. If the request is parsed and can be processed, a 200 response code should be returned.

Actual results:

An internal server error is returned in response with the following error in the exception.log:

report.CRITICAL: LogicException: Config element "FindFilterType" is not declared in GraphQL schema in lib/internal/Magento/Framework/GraphQl/Config.php:57

Apply the patch

To apply individual patches, use the following links depending on your deployment method:

Related reading

To learn more about Quality Patches Tool, refer to: