Remove CSRF protection for downloading GraphQL schema
Problem to solve
I would like to download GraphQL schema as JSON file to enable GraphQL VS Code extension for GraphQL queries autocompletion and validation.
Also, if we have strong typings on FE with TypeScript, downloading schema will be necessary to create types based on schema.
Target audience
Frontend team
Further details
The issue is when I try to download schema via graphql-cli or apollo-tooling I have 500 server error as a response. The reason is we have CSRF protection enabled: I need to send CSRF token via header but this CSRF token is dynamic, our frontend application reads is from the meta
tag.
I wonder if we can disable CSRF protection on GraphQL queries (or at least introspection query)?
/cc @reprazent @DouweM