Asp.net core .net核心GraphQL,GraphQL.SystemTextJson:x27的序列化和反序列化;系统类型';实例不受支持
在ASP.NET core 5应用程序中,我将GraphQL与GraphQL.SystemTextJson一起使用。 当我尝试返回结果时,我得到s System.NotSupportedException,它说“不支持对'System.Type'实例的序列化和反序列化,应该避免,因为它们可能导致安全问题。” 我怀疑DocumentWriter的配置中缺少某些内容 它在ConfigureServices中的配置如下:Asp.net core .net核心GraphQL,GraphQL.SystemTextJson:x27的序列化和反序列化;系统类型';实例不受支持,asp.net-core,graphql,jsonserializer,Asp.net Core,Graphql,Jsonserializer,在ASP.NET core 5应用程序中,我将GraphQL与GraphQL.SystemTextJson一起使用。 当我尝试返回结果时,我得到s System.NotSupportedException,它说“不支持对'System.Type'实例的序列化和反序列化,应该避免,因为它们可能导致安全问题。” 我怀疑DocumentWriter的配置中缺少某些内容 它在ConfigureServices中的配置如下: public void ConfigureServices(IServi
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
...
services.AddScoped<IDocumentWriter, DocumentWriter>();
services.AddControllers()
.AddJsonOptions(options =>
{
options.JsonSerializerOptions.WriteIndented = true;
options.JsonSerializerOptions.Converters.Add(new CustomJsonConverterForType());
});
我解决了创建自定义JsonConverter的问题:
public class CustomJsonConverterForType : JsonConverter<Type>
{
public override Type Read(
ref Utf8JsonReader reader,
Type typeToConvert,
JsonSerializerOptions options
)
{
// Caution: Deserialization of type instances like this
// is not recommended and should be avoided
// since it can lead to potential security issues.
// If you really want this supported (for instance if the JSON input is trusted):
// string assemblyQualifiedName = reader.GetString();
// return Type.GetType(assemblyQualifiedName);
throw new NotSupportedException();
}
public override void Write(
Utf8JsonWriter writer,
Type value,
JsonSerializerOptions options
)
{
string assemblyQualifiedName = value.AssemblyQualifiedName;
// Use this with caution, since you are disclosing type information.
writer.WriteStringValue(assemblyQualifiedName);
}
}
我通过使用文档中显示的代码片段修复了该问题:
[HttpPost]
公共异步任务Post([FromBody]GraphQLQueryTo查询)
{
var result=wait\u execute.ExecuteAsync(\u=>
{
_.Schema=_Schema;
_.Query=Query.Query;
_.Inputs=query.Variables?.ToInputs();
});
/*--------增加了这个---------------------------------*/
HttpContext.Response.ContentType=“应用程序/json”;
HttpContext.Response.StatusCode=200;//确定
var writer=new GraphQL.SystemTextJson.DocumentWriter();
wait writer.WriteAsync(HttpContext.Response.Body,result)*
/* ------------------------------------------------------*/
如果(结果错误?.Count>0)
{
返回请求();
}
返回Ok(结果数据);
}
}
public class CustomJsonConverterForType : JsonConverter<Type>
{
public override Type Read(
ref Utf8JsonReader reader,
Type typeToConvert,
JsonSerializerOptions options
)
{
// Caution: Deserialization of type instances like this
// is not recommended and should be avoided
// since it can lead to potential security issues.
// If you really want this supported (for instance if the JSON input is trusted):
// string assemblyQualifiedName = reader.GetString();
// return Type.GetType(assemblyQualifiedName);
throw new NotSupportedException();
}
public override void Write(
Utf8JsonWriter writer,
Type value,
JsonSerializerOptions options
)
{
string assemblyQualifiedName = value.AssemblyQualifiedName;
// Use this with caution, since you are disclosing type information.
writer.WriteStringValue(assemblyQualifiedName);
}
}
services.AddControllers()
.AddJsonOptions(options =>
{
options.JsonSerializerOptions.WriteIndented = true;
options.JsonSerializerOptions.Converters.Add(new CustomJsonConverterForType());
});
[HttpPost]
public async Task<IActionResult> Post([FromBody] GraphQLQueryDTO query)
{
var result = await _executer.ExecuteAsync(_ =>
{
_.Schema = _schema;
_.Query = query.Query;
_.Inputs = query.Variables?.ToInputs();
});
/* ----------- Added this ---------------------------------*/
HttpContext.Response.ContentType = "application/json";
HttpContext.Response.StatusCode = 200; // OK
var writer = new GraphQL.SystemTextJson.DocumentWriter();
await writer.WriteAsync(HttpContext.Response.Body, result);*
/* ------------------------------------------------------*/
if (result.Errors?.Count > 0)
{
return BadRequest();
}
return Ok(result.Data);
}
}