diff --git a/README.md b/README.md
index 7be5063b..2bce31a8 100644
--- a/README.md
+++ b/README.md
@@ -729,13 +729,13 @@ Having said this, graphql-http is mostly aimed for library authors and simple se
If you want a feature-full server with bleeding edge technologies, you're recommended to use one of the following.
-| Name | Audit |
-| ------------------------------------------------------------------ | -------------------------------------------------------------------- |
-| [graphql-yoga](https://www.the-guild.dev/graphql/yoga-server) | [✅ Compliant (0 warnings)](/implementations/graphql-yoga/README.md) |
-| [hotchocolate](https://chillicream.com/docs/hotchocolate) | [✅ Compliant (0 warnings)](/implementations/hotchocolate/README.md) |
-| [postgraphile](https://www.graphile.org/postgraphile/) | [✅ Compliant](/implementations/postgraphile/README.md) |
-| [apollo-server](https://www.apollographql.com/docs/apollo-server/) | [✅ Compliant](/implementations/apollo-server/README.md) |
-| [mercurius](https://mercurius.dev) | [✅ Compliant](/implementations/mercurius/README.md) |
+| Name | Audit |
+| ------------------------------------------------------------------ | -------------------------------------------------------- |
+| [graphql-yoga](https://www.the-guild.dev/graphql/yoga-server) | [✅ Compliant](/implementations/graphql-yoga/README.md) |
+| [hotchocolate](https://chillicream.com/docs/hotchocolate) | [✅ Compliant](/implementations/hotchocolate/README.md) |
+| [postgraphile](https://www.graphile.org/postgraphile/) | [✅ Compliant](/implementations/postgraphile/README.md) |
+| [apollo-server](https://www.apollographql.com/docs/apollo-server/) | [✅ Compliant](/implementations/apollo-server/README.md) |
+| [mercurius](https://mercurius.dev) | [✅ Compliant](/implementations/mercurius/README.md) |
## [Documentation](docs/)
diff --git a/implementations/apollo-server/README.md b/implementations/apollo-server/README.md
index d7d437d9..cf3af143 100644
--- a/implementations/apollo-server/README.md
+++ b/implementations/apollo-server/README.md
@@ -3,194 +3,191 @@ _* This report was auto-generated by graphql-http_
# GraphQL over HTTP audit report
- **73** audits in total
-- ✅ **36** pass
-- ⚠️ **37** warnings (optional)
+- ✅ **37** pass
+- ⚠️ **36** warnings (optional)
## Passing
1. SHOULD accept application/graphql-response+json and match the content-type
2. MUST accept application/json and match the content-type
-3. MUST use utf-8 encoding when responding
-4. MUST accept utf-8 encoding
-5. MUST assume utf-8 if encoding is unspecified
-6. MUST accept POST requests
-7. MAY NOT allow executing mutations on GET requests
-8. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
-9. MUST accept application/json POST requests
-10. MUST require a request body on POST
-11. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
-12. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
-13. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
-14. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
-15. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
-16. SHOULD allow string {query} parameter when accepting application/graphql-response+json
-17. MUST allow string {query} parameter when accepting application/json
-18. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
-19. MUST allow string {operationName} parameter when accepting application/json
-20. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
-21. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
-22. MUST allow map {variables} parameter when accepting application/json
-23. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
-24. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
-25. MUST allow map {extensions} parameter when accepting application/json
-26. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
-27. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
-28. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
-29. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
-30. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
-31. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
-32. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
-33. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
-34. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
-35. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
-36. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+3. SHOULD accept \*/\* and use application/json for the content-type
+4. MUST use utf-8 encoding when responding
+5. MUST accept utf-8 encoding
+6. MUST assume utf-8 if encoding is unspecified
+7. MUST accept POST requests
+8. MAY NOT allow executing mutations on GET requests
+9. SHOULD respond with 4xx status code if content-type is not supplied on POST requests
+10. MUST accept application/json POST requests
+11. MUST require a request body on POST
+12. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json
+13. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
+14. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json
+15. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json
+16. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
+17. SHOULD allow string {query} parameter when accepting application/graphql-response+json
+18. MUST allow string {query} parameter when accepting application/json
+19. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json
+20. MUST allow string {operationName} parameter when accepting application/json
+21. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json
+22. SHOULD allow map {variables} parameter when accepting application/graphql-response+json
+23. MUST allow map {variables} parameter when accepting application/json
+24. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
+25. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json
+26. MUST allow map {extensions} parameter when accepting application/json
+27. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json
+28. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json
+29. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json
+30. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json
+31. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
+32. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json
+33. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json
+34. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
+35. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json
+36. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json
+37. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
## Warnings
The server _SHOULD_ support these, but is not required.
-1. SHOULD accept \*/\* and use application/graphql-response+json for the content-type
+1. SHOULD assume application/json content-type when accept is missing
```
-Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json"
-```
-2. SHOULD assume application/graphql-response+json content-type when accept is missing
-```
-Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json"
+Status code 400 is not 200
```
-3. MAY accept application/x-www-form-urlencoded formatted GET requests
+2. MAY accept application/x-www-form-urlencoded formatted GET requests
```
Status code 400 is not 200
```
-4. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
+3. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
```
Status code 400 is not 200
```
-5. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
+4. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
```
Status code 400 is not 200
```
-6. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
+5. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
```
Status code 400 is not 200
```
-7. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
+6. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
```
Status code 400 is not 200
```
-8. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
+7. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
```
Status code 400 is not 200
```
-9. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
+8. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-10. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
+9. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-11. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
+10. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-12. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
+11. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-13. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
+12. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-14. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
+13. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-15. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
+14. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-16. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
+15. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-17. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
+16. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-18. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
+17. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-19. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
+18. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-20. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
+19. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
```
Status code 400 is not 200
```
-21. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
+20. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-22. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
+21. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-23. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
+22. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-24. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
+23. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
```
Status code 400 is not 200
```
-25. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
+24. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
```
Status code 400 is not 200
```
-26. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
+25. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-27. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
+26. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-28. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
+27. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
```
Status code 200 is not 400
```
-29. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
+28. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
```
Status code 400 is not 200
```
-30. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
+29. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-31. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
+30. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-32. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
+31. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
```
Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
```
-33. SHOULD use 200 status code on JSON parsing failure when accepting application/json
+32. SHOULD use 200 status code on JSON parsing failure when accepting application/json
```
Status code 400 is not 200
```
-34. SHOULD use 200 status code if parameters are invalid when accepting application/json
+33. SHOULD use 200 status code if parameters are invalid when accepting application/json
```
Status code 400 is not 200
```
-35. SHOULD use 200 status code on document parsing failure when accepting application/json
+34. SHOULD use 200 status code on document parsing failure when accepting application/json
```
Status code 400 is not 200
```
-36. SHOULD use 200 status code on document validation failure when accepting application/json
+35. SHOULD use 200 status code on document validation failure when accepting application/json
```
Status code 400 is not 200
```
-37. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
+36. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
```
Response body is not valid JSON. Got "\n\n
SyntaxError: Unexpected end of JSON input
at JSON.parse (<anonymous>)
at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)
at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18
at AsyncResource.runInAsyncScope (node:async_hooks:203:9)
at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)
at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)
at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)
at IncomingMessage.emit (node:events:513:28)
at endReadableNT (node:internal/streams/rea... ```
diff --git a/implementations/express-graphql/README.md b/implementations/express-graphql/README.md
index ecd5d58c..bccc46df 100644
--- a/implementations/express-graphql/README.md
+++ b/implementations/express-graphql/README.md
@@ -3,48 +3,50 @@ _* This report was auto-generated by graphql-http_ # GraphQL over HTTP audit report - **73** audits in total -- ✅ **38** pass -- ⚠️ **35** warnings (optional) +- ✅ **40** pass +- ⚠️ **33** warnings (optional) ## Passing 1. MUST accept application/json and match the content-type -2. MUST use utf-8 encoding when responding -3. MUST accept utf-8 encoding -4. MUST assume utf-8 if encoding is unspecified -5. MUST accept POST requests -6. MAY accept application/x-www-form-urlencoded formatted GET requests -7. MAY NOT allow executing mutations on GET requests -8. SHOULD respond with 4xx status code if content-type is not supplied on POST requests -9. MUST accept application/json POST requests -10. MUST require a request body on POST -11. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json -12. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json -13. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json -14. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json -15. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json -16. SHOULD allow string {query} parameter when accepting application/graphql-response+json -17. MUST allow string {query} parameter when accepting application/json -18. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json -19. MUST allow string {operationName} parameter when accepting application/json -20. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json -21. SHOULD allow map {variables} parameter when accepting application/graphql-response+json -22. MUST allow map {variables} parameter when accepting application/json -23. 
MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json -24. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json -25. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json -26. MUST allow map {extensions} parameter when accepting application/json -27. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json -28. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json -29. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json -30. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json -31. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json -32. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json -33. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json -34. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json -35. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json -36. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json -37. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json -38. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json +2. SHOULD accept \*/\* and use application/json for the content-type +3. SHOULD assume application/json content-type when accept is missing +4. MUST use utf-8 encoding when responding +5. MUST accept utf-8 encoding +6. 
MUST assume utf-8 if encoding is unspecified +7. MUST accept POST requests +8. MAY accept application/x-www-form-urlencoded formatted GET requests +9. MAY NOT allow executing mutations on GET requests +10. SHOULD respond with 4xx status code if content-type is not supplied on POST requests +11. MUST accept application/json POST requests +12. MUST require a request body on POST +13. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json +14. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json +15. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json +16. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json +17. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json +18. SHOULD allow string {query} parameter when accepting application/graphql-response+json +19. MUST allow string {query} parameter when accepting application/json +20. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json +21. MUST allow string {operationName} parameter when accepting application/json +22. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json +23. SHOULD allow map {variables} parameter when accepting application/graphql-response+json +24. MUST allow map {variables} parameter when accepting application/json +25. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json +26. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json +27. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json +28. MUST allow map {extensions} parameter when accepting application/json +29. 
SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json +30. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json +31. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json +32. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json +33. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json +34. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json +35. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json +36. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json +37. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json +38. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json +39. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json +40. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json ## Warnings The server _SHOULD_ support these, but is not required. @@ -52,139 +54,131 @@ The server _SHOULD_ support these, but is not required. ``` Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json" ``` -2. SHOULD accept \*/\* and use application/graphql-response+json for the content-type
-``` -Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json" -``` -3. SHOULD assume application/graphql-response+json content-type when accept is missing
-``` -Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json" -``` -4. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
+2. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -5. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
+3. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -6. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
+4. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -7. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
+5. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -8. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
+6. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -9. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
+7. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -10. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
+8. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -11. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
+9. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -12. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
+10. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -13. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
+11. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -14. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
+12. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -15. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
+13. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -16. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
+14. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -17. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
+15. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -18. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
+16. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -19. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
+17. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -20. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
+18. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
``` Status code 400 is not 200 ``` -21. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
+19. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -22. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
+20. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -23. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
+21. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -24. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
+22. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -25. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
+23. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -26. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
+24. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -27. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
+25. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -28. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
+26. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -29. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
+27. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -30. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
+28. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -31. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
+29. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -32. SHOULD use 200 status code on JSON parsing failure when accepting application/json
+30. SHOULD use 200 status code on JSON parsing failure when accepting application/json
``` Status code 400 is not 200 ``` -33. SHOULD use 200 status code if parameters are invalid when accepting application/json
+31. SHOULD use 200 status code if parameters are invalid when accepting application/json
``` Status code 400 is not 200 ``` -34. SHOULD use 200 status code on document parsing failure when accepting application/json
+32. SHOULD use 200 status code on document parsing failure when accepting application/json
``` Status code 400 is not 200 ``` -35. SHOULD use 200 status code on document validation failure when accepting application/json
+33. SHOULD use 200 status code on document validation failure when accepting application/json
``` Status code 400 is not 200 ``` diff --git a/implementations/graph-client/README.md b/implementations/graph-client/README.md index 7bbb51e5..97907ad0 100644 --- a/implementations/graph-client/README.md +++ b/implementations/graph-client/README.md 
@@ -3,80 +3,90 @@ _* This report was auto-generated by graphql-http_ # GraphQL over HTTP audit report - **73** audits in total -- ✅ **73** pass +- ✅ **71** pass +- ⚠️ **2** warnings (optional) ## Passing 1. SHOULD accept application/graphql-response+json and match the content-type 2. MUST accept application/json and match the content-type -3. SHOULD accept \*/\* and use application/graphql-response+json for the content-type -4. SHOULD assume application/graphql-response+json content-type when accept is missing -5. MUST use utf-8 encoding when responding -6. MUST accept utf-8 encoding -7. MUST assume utf-8 if encoding is unspecified -8. MUST accept POST requests -9. MAY accept application/x-www-form-urlencoded formatted GET requests -10. MAY NOT allow executing mutations on GET requests -11. SHOULD respond with 4xx status code if content-type is not supplied on POST requests -12. MUST accept application/json POST requests -13. MUST require a request body on POST -14. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json -15. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json -16. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json -17. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json -18. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json -19. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json -20. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json -21. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json -22. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json -23. 
SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json -24. SHOULD allow string {query} parameter when accepting application/graphql-response+json -25. MUST allow string {query} parameter when accepting application/json -26. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json -27. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json -28. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json -29. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json -30. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json -31. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json -32. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json -33. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json -34. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json -35. MUST allow string {operationName} parameter when accepting application/json -36. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json -37. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json -38. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json -39. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json -40. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json -41. 
SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json -42. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json -43. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json -44. SHOULD allow map {variables} parameter when accepting application/graphql-response+json -45. MUST allow map {variables} parameter when accepting application/json -46. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json -47. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json -48. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json -49. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json -50. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json -51. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json -52. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json -53. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json -54. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json -55. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json -56. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json -57. MUST allow map {extensions} parameter when accepting application/json -58. SHOULD use 200 status code on JSON parsing failure when accepting application/json -59. SHOULD use 200 status code if parameters are invalid when accepting application/json -60. 
SHOULD use 200 status code on document parsing failure when accepting application/json -61. SHOULD use 200 status code on document validation failure when accepting application/json -62. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json -63. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json -64. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json -65. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json -66. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json -67. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json -68. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json -69. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json -70. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json -71. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json -72. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json -73. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json +3. MUST use utf-8 encoding when responding +4. MUST accept utf-8 encoding +5. MUST assume utf-8 if encoding is unspecified +6. MUST accept POST requests +7. MAY accept application/x-www-form-urlencoded formatted GET requests +8. MAY NOT allow executing mutations on GET requests +9. SHOULD respond with 4xx status code if content-type is not supplied on POST requests +10. MUST accept application/json POST requests +11. 
MUST require a request body on POST +12. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json +13. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json +14. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json +15. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json +16. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json +17. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json +18. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json +19. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json +20. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json +21. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json +22. SHOULD allow string {query} parameter when accepting application/graphql-response+json +23. MUST allow string {query} parameter when accepting application/json +24. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json +25. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json +26. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json +27. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json +28. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json +29. 
SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json +30. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json +31. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json +32. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json +33. MUST allow string {operationName} parameter when accepting application/json +34. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json +35. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json +36. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json +37. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json +38. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json +39. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json +40. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json +41. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json +42. SHOULD allow map {variables} parameter when accepting application/graphql-response+json +43. MUST allow map {variables} parameter when accepting application/json +44. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json +45. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json +46. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json +47. 
SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json +48. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json +49. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json +50. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json +51. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json +52. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json +53. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json +54. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json +55. MUST allow map {extensions} parameter when accepting application/json +56. SHOULD use 200 status code on JSON parsing failure when accepting application/json +57. SHOULD use 200 status code if parameters are invalid when accepting application/json +58. SHOULD use 200 status code on document parsing failure when accepting application/json +59. SHOULD use 200 status code on document validation failure when accepting application/json +60. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json +61. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json +62. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json +63. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json +64. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json +65. 
SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json +66. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json +67. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json +68. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json +69. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json +70. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json +71. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json + +## Warnings +The server _SHOULD_ support these, but is not required. +1. SHOULD accept \*/\* and use application/json for the content-type
+``` +Content-Type header "application/graphql-response+json; charset=utf-8" does not contain "application/json" +``` +2. SHOULD assume application/json content-type when accept is missing
+``` +Content-Type header "application/graphql-response+json; charset=utf-8" does not contain "application/json" +``` diff --git a/implementations/graphql-helix/README.md b/implementations/graphql-helix/README.md index da1c67dd..12264139 100644 --- a/implementations/graphql-helix/README.md +++ b/implementations/graphql-helix/README.md 
@@ -3,50 +3,52 @@ _* This report was auto-generated by graphql-http_ # GraphQL over HTTP audit report - **73** audits in total -- ✅ **39** pass -- ⚠️ **32** warnings (optional) +- ✅ **41** pass +- ⚠️ **30** warnings (optional) - ❌ **2** errors (required) ## Passing 1. MUST accept application/json and match the content-type -2. MUST use utf-8 encoding when responding -3. MUST accept POST requests -4. MAY accept application/x-www-form-urlencoded formatted GET requests -5. MAY NOT allow executing mutations on GET requests -6. SHOULD respond with 4xx status code if content-type is not supplied on POST requests -7. MUST accept application/json POST requests -8. MUST require a request body on POST -9. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json -10. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json -11. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json -12. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json -13. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json -14. SHOULD allow string {query} parameter when accepting application/graphql-response+json -15. MUST allow string {query} parameter when accepting application/json -16. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json -17. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json -18. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json -19. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json -20. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json -21. 
MUST allow string {operationName} parameter when accepting application/json -22. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json -23. SHOULD allow map {variables} parameter when accepting application/graphql-response+json -24. MUST allow map {variables} parameter when accepting application/json -25. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json -26. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json -27. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json -28. MUST allow map {extensions} parameter when accepting application/json -29. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json -30. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json -31. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json -32. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json -33. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json -34. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json -35. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json -36. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json -37. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json -38. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json -39. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json +2. 
SHOULD accept \*/\* and use application/json for the content-type +3. SHOULD assume application/json content-type when accept is missing +4. MUST use utf-8 encoding when responding +5. MUST accept POST requests +6. MAY accept application/x-www-form-urlencoded formatted GET requests +7. MAY NOT allow executing mutations on GET requests +8. SHOULD respond with 4xx status code if content-type is not supplied on POST requests +9. MUST accept application/json POST requests +10. MUST require a request body on POST +11. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json +12. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json +13. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json +14. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json +15. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json +16. SHOULD allow string {query} parameter when accepting application/graphql-response+json +17. MUST allow string {query} parameter when accepting application/json +18. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json +19. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json +20. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json +21. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json +22. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json +23. MUST allow string {operationName} parameter when accepting application/json +24. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json +25. 
SHOULD allow map {variables} parameter when accepting application/graphql-response+json +26. MUST allow map {variables} parameter when accepting application/json +27. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json +28. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json +29. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json +30. MUST allow map {extensions} parameter when accepting application/json +31. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json +32. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json +33. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json +34. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json +35. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json +36. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json +37. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json +38. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json +39. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json +40. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json +41. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json ## Warnings The server _SHOULD_ support these, but is not required. 
@@ -54,127 +56,119 @@ The server _SHOULD_ support these, but is not required. ``` Content-Type header "application/json" does not contain "application/graphql-response+json" ``` -2. SHOULD accept \*/\* and use application/graphql-response+json for the content-type
-``` -Content-Type header "application/json" does not contain "application/graphql-response+json" -``` -3. SHOULD assume application/graphql-response+json content-type when accept is missing
-``` -Content-Type header "application/json" does not contain "application/graphql-response+json" -``` -4. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
+2. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -5. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
+3. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -6. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
+4. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -7. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
+5. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -8. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
+6. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -9. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
+7. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
``` Status code 400 is not 200 ``` -10. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
+8. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
``` Status code 400 is not 200 ``` -11. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
+9. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
 ```
 Status code 400 is not 200
 ```
-12. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
+10. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
 ```
 Status code 400 is not 200
 ```
-13. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
+11. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
 ```
 Status code 200 is not 400
 ```
-14. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
+12. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
 ```
 Status code 200 is not 400
 ```
-15. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
+13. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
 ```
 Status code 200 is not 400
 ```
-16. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
+14. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
 ```
 Status code 400 is not 200
 ```
-17. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
+15. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-18. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
+16. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-19. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
+17. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-20. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
+18. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
 ```
 Status code 200 is not 400
 ```
-21. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
+19. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
 ```
 Status code 200 is not 400
 ```
-22. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
+20. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
 ```
 Status code 200 is not 400
 ```
-23. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
+21. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
 ```
 Status code 200 is not 400
 ```
-24. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
+22. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-25. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
+23. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-26. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
+24. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-27. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
+25. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
 ```
 Execution result {"data":{"__typename":"Query"}} does not have a property 'errors'
 ```
-28. SHOULD use 200 status code on JSON parsing failure when accepting application/json
+26. SHOULD use 200 status code on JSON parsing failure when accepting application/json
 ```
 Status code 400 is not 200
 ```
-29. SHOULD use 200 status code if parameters are invalid when accepting application/json
+27. SHOULD use 200 status code if parameters are invalid when accepting application/json
 ```
 Status code 400 is not 200
 ```
-30. SHOULD use 200 status code on document parsing failure when accepting application/json
+28. SHOULD use 200 status code on document parsing failure when accepting application/json
 ```
 Status code 400 is not 200
 ```
-31. SHOULD use 200 status code on document validation failure when accepting application/json
+29. SHOULD use 200 status code on document validation failure when accepting application/json
 ```
 Status code 400 is not 200
 ```
-32. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
+30. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
``` Response body is not valid JSON. Got "\n\n\n\nError \n\n\nSyntaxError: Unexpected end of JSON input
at JSON.parse (<anonymous>)
at parse (/home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/types/json.js:89:19)
at /home/runner/work/graphql-http/graphql-http/node_modules/body-parser/lib/read.js:128:18
at AsyncResource.runInAsyncScope (node:async_hooks:203:9)
at invokeCallback (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:231:16)
at done (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:220:7)
at IncomingMessage.onEnd (/home/runner/work/graphql-http/graphql-http/node_modules/raw-body/index.js:280:7)
at IncomingMessage.emit (node:events:513:28)
at endReadableNT (node:internal/streams/rea...
 ```
diff --git a/implementations/graphql-yoga/README.md b/implementations/graphql-yoga/README.md
index 7bbb51e5..97907ad0 100644
--- a/implementations/graphql-yoga/README.md
+++ b/implementations/graphql-yoga/README.md
@@ -3,80 +3,90 @@ _* This report was auto-generated by graphql-http_ # GraphQL over HTTP audit report - **73** audits in total -- ✅ **73** pass +- ✅ **71** pass +- ⚠️ **2** warnings (optional) ## Passing 1. SHOULD accept application/graphql-response+json and match the content-type 2. MUST accept application/json and match the content-type -3. SHOULD accept \*/\* and use application/graphql-response+json for the content-type -4. SHOULD assume application/graphql-response+json content-type when accept is missing -5. MUST use utf-8 encoding when responding -6. MUST accept utf-8 encoding -7. MUST assume utf-8 if encoding is unspecified -8. MUST accept POST requests -9. MAY accept application/x-www-form-urlencoded formatted GET requests -10. MAY NOT allow executing mutations on GET requests -11. SHOULD respond with 4xx status code if content-type is not supplied on POST requests -12. MUST accept application/json POST requests -13. MUST require a request body on POST -14. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json -15. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json -16. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json -17. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json -18. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json -19. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json -20. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json -21. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json -22. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json -23. 
SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json -24. SHOULD allow string {query} parameter when accepting application/graphql-response+json -25. MUST allow string {query} parameter when accepting application/json -26. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json -27. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json -28. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json -29. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json -30. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json -31. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json -32. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json -33. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json -34. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json -35. MUST allow string {operationName} parameter when accepting application/json -36. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json -37. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json -38. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json -39. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json -40. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json -41. 
SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json -42. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json -43. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json -44. SHOULD allow map {variables} parameter when accepting application/graphql-response+json -45. MUST allow map {variables} parameter when accepting application/json -46. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json -47. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json -48. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json -49. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json -50. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json -51. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json -52. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json -53. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json -54. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json -55. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json -56. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json -57. MUST allow map {extensions} parameter when accepting application/json -58. SHOULD use 200 status code on JSON parsing failure when accepting application/json -59. SHOULD use 200 status code if parameters are invalid when accepting application/json -60. 
SHOULD use 200 status code on document parsing failure when accepting application/json -61. SHOULD use 200 status code on document validation failure when accepting application/json -62. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json -63. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json -64. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json -65. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json -66. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json -67. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json -68. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json -69. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json -70. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json -71. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json -72. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json -73. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json +3. MUST use utf-8 encoding when responding +4. MUST accept utf-8 encoding +5. MUST assume utf-8 if encoding is unspecified +6. MUST accept POST requests +7. MAY accept application/x-www-form-urlencoded formatted GET requests +8. MAY NOT allow executing mutations on GET requests +9. SHOULD respond with 4xx status code if content-type is not supplied on POST requests +10. MUST accept application/json POST requests +11. 
MUST require a request body on POST +12. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json +13. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json +14. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json +15. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json +16. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json +17. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json +18. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json +19. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json +20. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json +21. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json +22. SHOULD allow string {query} parameter when accepting application/graphql-response+json +23. MUST allow string {query} parameter when accepting application/json +24. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json +25. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json +26. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json +27. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json +28. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json +29. 
SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json +30. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json +31. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json +32. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json +33. MUST allow string {operationName} parameter when accepting application/json +34. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json +35. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json +36. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json +37. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json +38. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json +39. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json +40. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json +41. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json +42. SHOULD allow map {variables} parameter when accepting application/graphql-response+json +43. MUST allow map {variables} parameter when accepting application/json +44. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json +45. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json +46. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json +47. 
SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json +48. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json +49. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json +50. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json +51. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json +52. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json +53. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json +54. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json +55. MUST allow map {extensions} parameter when accepting application/json +56. SHOULD use 200 status code on JSON parsing failure when accepting application/json +57. SHOULD use 200 status code if parameters are invalid when accepting application/json +58. SHOULD use 200 status code on document parsing failure when accepting application/json +59. SHOULD use 200 status code on document validation failure when accepting application/json +60. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json +61. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json +62. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json +63. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json +64. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json +65. 
SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json +66. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json +67. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json +68. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json +69. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json +70. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json +71. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json + +## Warnings +The server _SHOULD_ support these, but is not required. +1. SHOULD accept \*/\* and use application/json for the content-type
+```
+Content-Type header "application/graphql-response+json; charset=utf-8" does not contain "application/json"
+```
+2. SHOULD assume application/json content-type when accept is missing
+```
+Content-Type header "application/graphql-response+json; charset=utf-8" does not contain "application/json"
+```
diff --git a/implementations/hotchocolate/README.md b/implementations/hotchocolate/README.md
index 7bbb51e5..ff379bd3 100644
--- a/implementations/hotchocolate/README.md
+++ b/implementations/hotchocolate/README.md
@@ -3,80 +3,90 @@ _* This report was auto-generated by graphql-http_ # GraphQL over HTTP audit report - **73** audits in total -- ✅ **73** pass +- ✅ **71** pass +- ⚠️ **2** warnings (optional) ## Passing 1. SHOULD accept application/graphql-response+json and match the content-type 2. MUST accept application/json and match the content-type -3. SHOULD accept \*/\* and use application/graphql-response+json for the content-type -4. SHOULD assume application/graphql-response+json content-type when accept is missing -5. MUST use utf-8 encoding when responding -6. MUST accept utf-8 encoding -7. MUST assume utf-8 if encoding is unspecified -8. MUST accept POST requests -9. MAY accept application/x-www-form-urlencoded formatted GET requests -10. MAY NOT allow executing mutations on GET requests -11. SHOULD respond with 4xx status code if content-type is not supplied on POST requests -12. MUST accept application/json POST requests -13. MUST require a request body on POST -14. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json -15. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json -16. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json -17. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json -18. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json -19. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json -20. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json -21. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json -22. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json -23. 
SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json -24. SHOULD allow string {query} parameter when accepting application/graphql-response+json -25. MUST allow string {query} parameter when accepting application/json -26. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json -27. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json -28. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json -29. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json -30. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json -31. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json -32. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json -33. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json -34. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json -35. MUST allow string {operationName} parameter when accepting application/json -36. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json -37. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json -38. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json -39. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json -40. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json -41. 
SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json -42. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json -43. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json -44. SHOULD allow map {variables} parameter when accepting application/graphql-response+json -45. MUST allow map {variables} parameter when accepting application/json -46. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json -47. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json -48. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json -49. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json -50. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json -51. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json -52. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json -53. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json -54. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json -55. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json -56. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json -57. MUST allow map {extensions} parameter when accepting application/json -58. SHOULD use 200 status code on JSON parsing failure when accepting application/json -59. SHOULD use 200 status code if parameters are invalid when accepting application/json -60. 
SHOULD use 200 status code on document parsing failure when accepting application/json -61. SHOULD use 200 status code on document validation failure when accepting application/json -62. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json -63. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json -64. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json -65. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json -66. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json -67. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json -68. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json -69. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json -70. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json -71. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json -72. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json -73. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json +3. MUST use utf-8 encoding when responding +4. MUST accept utf-8 encoding +5. MUST assume utf-8 if encoding is unspecified +6. MUST accept POST requests +7. MAY accept application/x-www-form-urlencoded formatted GET requests +8. MAY NOT allow executing mutations on GET requests +9. SHOULD respond with 4xx status code if content-type is not supplied on POST requests +10. MUST accept application/json POST requests +11. 
MUST require a request body on POST +12. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json +13. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json +14. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json +15. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json +16. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json +17. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json +18. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json +19. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json +20. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json +21. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json +22. SHOULD allow string {query} parameter when accepting application/graphql-response+json +23. MUST allow string {query} parameter when accepting application/json +24. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json +25. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json +26. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json +27. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json +28. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json +29. 
SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json +30. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json +31. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json +32. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json +33. MUST allow string {operationName} parameter when accepting application/json +34. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json +35. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json +36. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json +37. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json +38. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json +39. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json +40. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json +41. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json +42. SHOULD allow map {variables} parameter when accepting application/graphql-response+json +43. MUST allow map {variables} parameter when accepting application/json +44. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json +45. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json +46. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json +47. 
SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json +48. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json +49. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json +50. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json +51. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json +52. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json +53. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json +54. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json +55. MUST allow map {extensions} parameter when accepting application/json +56. SHOULD use 200 status code on JSON parsing failure when accepting application/json +57. SHOULD use 200 status code if parameters are invalid when accepting application/json +58. SHOULD use 200 status code on document parsing failure when accepting application/json +59. SHOULD use 200 status code on document validation failure when accepting application/json +60. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json +61. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json +62. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json +63. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json +64. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json +65. 
SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json +66. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json +67. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json +68. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json +69. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json +70. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json +71. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json + +## Warnings +The server _SHOULD_ support these, but is not required. +1. SHOULD accept \*/\* and use application/json for the content-type
+```
+Content-Type header "application/graphql-response+json;charset=utf-8" does not contain "application/json"
+```
+2. SHOULD assume application/json content-type when accept is missing
+```
+Content-Type header "application/graphql-response+json;charset=utf-8" does not contain "application/json"
+```
diff --git a/implementations/mercurius/README.md b/implementations/mercurius/README.md
index 02a73300..fcf66966 100644
--- a/implementations/mercurius/README.md
+++ b/implementations/mercurius/README.md
@@ -3,53 +3,55 @@ _* This report was auto-generated by graphql-http_ # GraphQL over HTTP audit report - **73** audits in total -- ✅ **43** pass -- ⚠️ **30** warnings (optional) +- ✅ **45** pass +- ⚠️ **28** warnings (optional) ## Passing 1. MUST accept application/json and match the content-type -2. MUST use utf-8 encoding when responding -3. MUST accept utf-8 encoding -4. MUST assume utf-8 if encoding is unspecified -5. MUST accept POST requests -6. MAY accept application/x-www-form-urlencoded formatted GET requests -7. MAY NOT allow executing mutations on GET requests -8. SHOULD respond with 4xx status code if content-type is not supplied on POST requests -9. MUST accept application/json POST requests -10. MUST require a request body on POST -11. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json -12. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json -13. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json -14. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json -15. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json -16. SHOULD allow string {query} parameter when accepting application/graphql-response+json -17. MUST allow string {query} parameter when accepting application/json -18. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json -19. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json -20. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json -21. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json -22. 
SHOULD allow string {operationName} parameter when accepting application/graphql-response+json -23. MUST allow string {operationName} parameter when accepting application/json -24. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json -25. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json -26. SHOULD allow map {variables} parameter when accepting application/graphql-response+json -27. MUST allow map {variables} parameter when accepting application/json -28. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json -29. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json -30. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json -31. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json -32. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json -33. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json -34. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json -35. MUST allow map {extensions} parameter when accepting application/json -36. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json -37. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json -38. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json -39. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json -40. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json -41. 
SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json -42. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json -43. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json +2. SHOULD accept \*/\* and use application/json for the content-type +3. SHOULD assume application/json content-type when accept is missing +4. MUST use utf-8 encoding when responding +5. MUST accept utf-8 encoding +6. MUST assume utf-8 if encoding is unspecified +7. MUST accept POST requests +8. MAY accept application/x-www-form-urlencoded formatted GET requests +9. MAY NOT allow executing mutations on GET requests +10. SHOULD respond with 4xx status code if content-type is not supplied on POST requests +11. MUST accept application/json POST requests +12. MUST require a request body on POST +13. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json +14. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json +15. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json +16. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json +17. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json +18. SHOULD allow string {query} parameter when accepting application/graphql-response+json +19. MUST allow string {query} parameter when accepting application/json +20. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json +21. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json +22. 
SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json +23. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json +24. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json +25. MUST allow string {operationName} parameter when accepting application/json +26. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json +27. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json +28. SHOULD allow map {variables} parameter when accepting application/graphql-response+json +29. MUST allow map {variables} parameter when accepting application/json +30. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json +31. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json +32. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json +33. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json +34. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json +35. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json +36. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json +37. MUST allow map {extensions} parameter when accepting application/json +38. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json +39. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json +40. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json +41. 
SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json +42. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json +43. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json +44. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json +45. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json ## Warnings The server _SHOULD_ support these, but is not required. @@ -57,119 +59,111 @@ The server _SHOULD_ support these, but is not required. ``` Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json" ``` -2. SHOULD accept \*/\* and use application/graphql-response+json for the content-type
-``` -Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json" -``` -3. SHOULD assume application/graphql-response+json content-type when accept is missing
-``` -Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json" -``` -4. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
+2. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -5. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
+3. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -6. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
+4. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -7. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
+5. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -8. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
+6. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -9. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
+7. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -10. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
+8. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -11. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
+9. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
``` Status code 400 is not 200 ``` -12. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
+10. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
``` Status code 400 is not 200 ``` -13. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
+11. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -14. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
+12. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -15. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
+13. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
``` Status code 400 is not 200 ``` -16. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
+14. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -17. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
+15. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -18. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
+16. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
``` Status code 400 is not 200 ``` -19. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
+17. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
``` Status code 400 is not 200 ``` -20. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
+18. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
``` Status code 400 is not 200 ``` -21. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
+19. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
``` Status code 400 is not 200 ``` -22. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
+20. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
``` Status code 400 is not 200 ``` -23. SHOULD use 200 status code on JSON parsing failure when accepting application/json
+21. SHOULD use 200 status code on JSON parsing failure when accepting application/json
``` Status code 400 is not 200 ``` -24. SHOULD use 200 status code if parameters are invalid when accepting application/json
+22. SHOULD use 200 status code if parameters are invalid when accepting application/json
``` Status code 400 is not 200 ``` -25. SHOULD use 200 status code on document parsing failure when accepting application/json
+23. SHOULD use 200 status code on document parsing failure when accepting application/json
``` Status code 400 is not 200 ``` -26. SHOULD use 200 status code on document validation failure when accepting application/json
+24. SHOULD use 200 status code on document validation failure when accepting application/json
``` Status code 400 is not 200 ``` -27. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
+25. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json
``` Data entry null is not undefined ``` -28. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
+26. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json
``` Data entry null is not undefined ``` -29. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
+27. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json
``` Data entry null is not undefined ``` -30. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
+28. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json
``` Data entry null is not undefined ``` diff --git a/implementations/postgraphile/README.md b/implementations/postgraphile/README.md index 078b93ff..f6b73696 100644 --- a/implementations/postgraphile/README.md +++ b/implementations/postgraphile/README.md 
@@ -3,49 +3,50 @@ _* This report was auto-generated by graphql-http_ # GraphQL over HTTP audit report - **73** audits in total -- ✅ **39** pass -- ⚠️ **34** warnings (optional) +- ✅ **40** pass +- ⚠️ **33** warnings (optional) ## Passing 1. MUST accept application/json and match the content-type -2. MUST use utf-8 encoding when responding -3. MUST accept utf-8 encoding -4. MUST assume utf-8 if encoding is unspecified -5. MUST accept POST requests -6. MAY NOT allow executing mutations on GET requests -7. SHOULD respond with 4xx status code if content-type is not supplied on POST requests -8. MUST accept application/json POST requests -9. MUST require a request body on POST -10. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json -11. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json -12. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json -13. SHOULD allow string {query} parameter when accepting application/graphql-response+json -14. MUST allow string {query} parameter when accepting application/json -15. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json -16. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json -17. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json -18. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json -19. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json -20. MUST allow string {operationName} parameter when accepting application/json -21. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json -22. 
SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json -23. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json -24. SHOULD allow map {variables} parameter when accepting application/graphql-response+json -25. MUST allow map {variables} parameter when accepting application/json -26. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json -27. MUST allow map {extensions} parameter when accepting application/json -28. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json -29. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json -30. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json -31. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json -32. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json -33. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json -34. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json -35. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json -36. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json -37. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json -38. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json -39. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json +2. SHOULD accept \*/\* and use application/json for the content-type +3. 
MUST use utf-8 encoding when responding +4. MUST accept utf-8 encoding +5. MUST assume utf-8 if encoding is unspecified +6. MUST accept POST requests +7. MAY NOT allow executing mutations on GET requests +8. SHOULD respond with 4xx status code if content-type is not supplied on POST requests +9. MUST accept application/json POST requests +10. MUST require a request body on POST +11. SHOULD use 400 status code on missing {query} parameter when accepting application/graphql-response+json +12. SHOULD use 400 status code on number {query} parameter when accepting application/graphql-response+json +13. SHOULD use 400 status code on boolean {query} parameter when accepting application/graphql-response+json +14. SHOULD allow string {query} parameter when accepting application/graphql-response+json +15. MUST allow string {query} parameter when accepting application/json +16. SHOULD use 400 status code on object {operationName} parameter when accepting application/graphql-response+json +17. SHOULD use 400 status code on number {operationName} parameter when accepting application/graphql-response+json +18. SHOULD use 400 status code on boolean {operationName} parameter when accepting application/graphql-response+json +19. SHOULD use 400 status code on array {operationName} parameter when accepting application/graphql-response+json +20. SHOULD allow string {operationName} parameter when accepting application/graphql-response+json +21. MUST allow string {operationName} parameter when accepting application/json +22. SHOULD use 400 status code on string {variables} parameter when accepting application/graphql-response+json +23. SHOULD use 400 status code on number {variables} parameter when accepting application/graphql-response+json +24. SHOULD use 400 status code on boolean {variables} parameter when accepting application/graphql-response+json +25. SHOULD allow map {variables} parameter when accepting application/graphql-response+json +26. 
MUST allow map {variables} parameter when accepting application/json +27. SHOULD allow map {extensions} parameter when accepting application/graphql-response+json +28. MUST allow map {extensions} parameter when accepting application/json +29. SHOULD use 4xx or 5xx status codes on JSON parsing failure when accepting application/graphql-response+json +30. SHOULD use 400 status code on JSON parsing failure when accepting application/graphql-response+json +31. SHOULD not contain the data entry on JSON parsing failure when accepting application/graphql-response+json +32. SHOULD use 4xx or 5xx status codes if parameters are invalid when accepting application/graphql-response+json +33. SHOULD use 400 status code if parameters are invalid when accepting application/graphql-response+json +34. SHOULD not contain the data entry if parameters are invalid when accepting application/graphql-response+json +35. SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json +36. SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json +37. SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json +38. SHOULD use 4xx or 5xx status codes on document validation failure when accepting application/graphql-response+json +39. SHOULD use 400 status code on document validation failure when accepting application/graphql-response+json +40. SHOULD not contain the data entry on document validation failure when accepting application/graphql-response+json ## Warnings The server _SHOULD_ support these, but is not required. @@ -53,135 +54,131 @@ The server _SHOULD_ support these, but is not required. ``` Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json" ``` -2. SHOULD accept \*/\* and use application/graphql-response+json for the content-type
+2. SHOULD assume application/json content-type when accept is missing
``` -Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json" -``` -3. SHOULD assume application/graphql-response+json content-type when accept is missing
-``` -Content-Type header "application/json; charset=utf-8" does not contain "application/graphql-response+json" +Status code 405 is not 200 ``` -4. MAY accept application/x-www-form-urlencoded formatted GET requests
+3. MAY accept application/x-www-form-urlencoded formatted GET requests
``` Status code 405 is not 200 ``` -5. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
+4. SHOULD use 200 status code with errors field on missing {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -6. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
+5. SHOULD use 400 status code on object {query} parameter when accepting application/graphql-response+json
``` Status code 500 is not 400 ``` -7. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
+6. SHOULD use 400 status code on array {query} parameter when accepting application/graphql-response+json
``` Status code 500 is not 400 ``` -8. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
+7. SHOULD use 200 status code with errors field on object {query} parameter when accepting application/json
``` Status code 500 is not 200 ``` -9. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
+8. SHOULD use 200 status code with errors field on number {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -10. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
+9. SHOULD use 200 status code with errors field on boolean {query} parameter when accepting application/json
``` Status code 400 is not 200 ``` -11. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
+10. SHOULD use 200 status code with errors field on array {query} parameter when accepting application/json
``` Status code 500 is not 200 ``` -12. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
+11. SHOULD use 200 status code with errors field on object {operationName} parameter when accepting application/json
``` Status code 400 is not 200 ``` -13. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
+12. SHOULD use 200 status code with errors field on number {operationName} parameter when accepting application/json
``` Status code 400 is not 200 ``` -14. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
+13. SHOULD use 200 status code with errors field on boolean {operationName} parameter when accepting application/json
``` Status code 400 is not 200 ``` -15. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
+14. SHOULD use 200 status code with errors field on array {operationName} parameter when accepting application/json
``` Status code 400 is not 200 ``` -16. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
+15. SHOULD use 400 status code on array {variables} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -17. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
+16. SHOULD use 200 status code with errors field on string {variables} parameter when accepting application/json
``` Status code 400 is not 200 ``` -18. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
+17. SHOULD use 200 status code with errors field on number {variables} parameter when accepting application/json
``` Status code 400 is not 200 ``` -19. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
+18. SHOULD use 200 status code with errors field on boolean {variables} parameter when accepting application/json
``` Status code 400 is not 200 ``` -20. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
+19. SHOULD use 200 status code with errors field on array {variables} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -21. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
+20. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/graphql-response+json
``` Status code 405 is not 200 ``` -22. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
+21. MAY allow URL-encoded JSON string {variables} parameter in GETs when accepting application/json
``` Status code 405 is not 200 ``` -23. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
+22. SHOULD use 400 status code on string {extensions} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -24. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
+23. SHOULD use 400 status code on number {extensions} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -25. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
+24. SHOULD use 400 status code on boolean {extensions} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -26. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
+25. SHOULD use 400 status code on array {extensions} parameter when accepting application/graphql-response+json
``` Status code 200 is not 400 ``` -27. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
+26. SHOULD use 200 status code with errors field on string {extensions} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -28. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
+27. SHOULD use 200 status code with errors field on number {extensions} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -29. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
+28. SHOULD use 200 status code with errors field on boolean {extensions} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -30. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
+29. SHOULD use 200 status code with errors field on array {extensions} parameter when accepting application/json
``` Execution result {"data":{"__typename":"Query"}} does not have a property 'errors' ``` -31. SHOULD use 200 status code on JSON parsing failure when accepting application/json
+30. SHOULD use 200 status code on JSON parsing failure when accepting application/json
``` Status code 400 is not 200 ``` -32. SHOULD use 200 status code if parameters are invalid when accepting application/json
+31. SHOULD use 200 status code if parameters are invalid when accepting application/json
``` Status code 400 is not 200 ``` -33. SHOULD use 200 status code on document parsing failure when accepting application/json
+32. SHOULD use 200 status code on document parsing failure when accepting application/json
``` Status code 400 is not 200 ``` -34. SHOULD use 200 status code on document validation failure when accepting application/json
+33. SHOULD use 200 status code on document validation failure when accepting application/json
``` Status code 400 is not 200 ``` diff --git a/implementations/thegraph/README.md b/implementations/thegraph/README.md index 51a556d0..06293248 100644 --- a/implementations/thegraph/README.md +++ b/implementations/thegraph/README.md @@ -22,13 +22,13 @@ The server _SHOULD_ support these, but is not required. ``` Status code 404 is not 200 ``` -2. SHOULD accept \*/\* and use application/graphql-response+json for the content-type
+2. SHOULD accept \*/\* and use application/json for the content-type
``` Status code 404 is not 200 ``` -3. SHOULD assume application/graphql-response+json content-type when accept is missing
+3. SHOULD assume application/json content-type when accept is missing
``` -Status code 404 is not 200 +Content-Type header "text/html" does not contain "application/json" ``` 4. MAY NOT allow executing mutations on GET requests
``` diff --git a/src/__tests__/handler.ts b/src/__tests__/handler.ts index 8096686c..79bb7ab2 100644 --- a/src/__tests__/handler.ts +++ b/src/__tests__/handler.ts @@ -30,7 +30,6 @@ it('should report graphql errors returned from onSubscribe', async () => { const url = new URL(server.url); url.searchParams.set('query', '{ __typename }'); const res = await fetch(url.toString()); - expect(res.status).toBe(400); expect(res.json()).resolves.toEqual({ errors: [{ message: 'Woah!' }] }); }); @@ -90,6 +89,11 @@ it('should respond with error if execution result is iterable', async () => { const url = new URL(server.url); url.searchParams.set('query', '{ __typename }'); const result = await fetch(url.toString()); - - expect(result.status).toBe(400); + expect(result.json()).resolves.toEqual({ + errors: [ + { + message: 'Subscriptions are not supported', + }, + ], + }); }); diff --git a/src/audits/server.ts b/src/audits/server.ts index 9885af8d..ede7cff5 100644 --- a/src/audits/server.ts +++ b/src/audits/server.ts @@ -79,8 +79,7 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] { }, ), audit( - // TODO: convert to MUST after watershed - 'SHOULD accept */* and use application/graphql-response+json for the content-type', + 'SHOULD accept */* and use application/json for the content-type', async () => { const res = await fetchFn(opts.url, { method: 'POST', 
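Review bot: The added `expect(result.json()).resolves.toEqual(...)` in the second hunk is neither awaited nor returned, so the async test callback can complete before the matcher settles, and a mismatch would then not be reported as a failure of this test. Prefix it with `await`, i.e. `await expect(result.json()).resolves.toEqual({ errors: [{ message: 'Subscriptions are not supported' }] });`. Since the status assertion was removed, this is the only check left in the test and it has to be reliable. The unchanged `expect(res.json()).resolves` line in the first hunk has the same shape. The `it(...)` callback starts outside the hunk.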
@@ -94,25 +93,21 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] { assert( 'Content-Type header', res.headers.get('content-type'), - ).toContain('application/graphql-response+json'); + ).toContain('application/json'); }, ), audit( - // TODO: convert to MUST after watershed - 'SHOULD assume application/graphql-response+json content-type when accept is missing', + 'SHOULD assume application/json content-type when accept is missing', async () => { - const res = await fetchFn(opts.url, { - method: 'POST', - headers: { - 'content-type': 'application/json', - }, - body: JSON.stringify({ query: '{ __typename }' }), - }); + const url = new URL(opts.url); + url.searchParams.set('query', '{ __typename }'); + + const res = await fetchFn(url.toString()); assert('Status code', res.status).toBe(200); assert( 'Content-Type header', res.headers.get('content-type'), - ).toContain('application/graphql-response+json'); + ).toContain('application/json'); }, ), audit('MUST use utf-8 encoding when responding', async () => { @@ -236,7 +231,14 @@ export function serverAudits(opts: ServerAuditOptions): Audit[] { method: 'POST', headers: { 'content-type': 'application/json' }, }); - assert('Status code', res.status).toBe(400); + if (res.headers.get('content-type')?.includes('application/json')) { + assert( + 'Execution result', + await assertBodyAsExecutionResult(res), + ).toHaveProperty('errors'); + } else { + assert('Status code', res.status).toBe(400); + } }), // Request Parameters audit( diff --git a/src/handler.ts b/src/handler.ts index 4f15f28f..84c3878a 100644 --- a/src/handler.ts +++ b/src/handler.ts 
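Review bot: The rewritten 'SHOULD assume application/json content-type when accept is missing' audit in the `-94,25` hunk changes two things at once: it keeps the Accept header absent and also switches from a POST with a JSON body to a GET with `url.searchParams.set('query', '{ __typename }')`. A server that answers GET differently from POST (for example with an HTML page) now fails this audit for a reason unrelated to the default media type. The thegraph README result updated in this same commit reads `Content-Type header "text/html" does not contain "application/json"`, which looks like that case. Either keep the POST request here so only the Accept default is under test, or say so in the title, e.g. `'SHOULD assume application/json content-type when accept is missing on GET'`. It is also worth a comment noting that the check only holds if `fetchFn` does not add an Accept header of its own, which cannot be seen from this hunk.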
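Review bot: In the `-236,7 +231,14` hunk, the new `application/json` branch never looks at `res.status`. Any response with a JSON content type and an `errors` property passes, including a 5xx produced by an unhandled failure on this body-less POST. If only specific codes are meant to be acceptable for the legacy media type, assert them before the body check. If every status is intentionally accepted, record that next to the branch with a comment such as `// application/json: the error is reported in the body, the status code is deliberately not checked`. The audit's title and the start of its callback are outside the hunk, so the intended requirement is inferred from the request shown.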
@@ -629,18 +629,21 @@ export function getAcceptableMediaType( const charset = params?.find((param) => param.includes('charset=')) || 'charset=utf8'; // utf-8 is assumed when not specified; - if (mediaType === 'application/json' && charset === 'charset=utf8') { - acceptedMediaType = 'application/json'; + if ( + mediaType === 'application/graphql-response+json' && + charset === 'charset=utf8' + ) { + acceptedMediaType = 'application/graphql-response+json'; break; } if ( - (mediaType === 'application/graphql-response+json' || + (mediaType === 'application/json' || mediaType === 'application/*' || mediaType === '*/*') && charset === 'charset=utf8' ) { - acceptedMediaType = 'application/graphql-response+json'; + acceptedMediaType = 'application/json'; break; } }
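Review bot: Both conditions in this hunk, including the added `charset === 'charset=utf8'` line, compare against the spelling `utf8` only. Unless the parameter is normalised above the hunk, an Accept header such as `application/json; charset=utf-8` would match neither branch and fall through without an accepted media type, even though it asks for what the server produces. Compute the check once and accept both spellings, e.g. `const isUtf8 = charset === 'charset=utf8' || charset === 'charset=utf-8';`, then use `isUtf8` in both `if` conditions. The loop header and the rest of getAcceptableMediaType lie outside the hunk, so how `mediaType` and `params` are derived is not visible here.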