`ctx.body` empty inside GraphQL policy

System Information
  • Strapi Version: 3.6.8
  • Operating System: Windows 10
  • Database: Postgres
  • Node Version: 14.x

Hello everyone!

After tinkering around for way too long, I have to give up and ask for help.

I need to create a policy which I would like to use to protect a GraphQL resolver.

I’ve set it up with a custom schema.graphql.js file which works fine, the policy gets executed as expected.

But the policy I’d like to implement needs to have access to the response data of the controller, as I’d like to prove ownership. Unfortunately, ctx.body is empty; it shouldn’t be after executing await next(), right? For the REST API, ctx.body is populated, but not for the GraphQL API.
Shouldn’t the behavior of policies be the same? I wouldn’t like to have to go the route like mentioned in this the ‘isOwner’ tutorial, that’s just not scalable, and something like that should be a reusable policy IMO.

There’s already a similar thread, but without helpful results:

So, is this intended behavior or is there a way to retrieve the response data inside GraphQL policies?


module.exports = async (ctx, next) => {
  await next();

  console.log("Should not be empty", ctx.body);

ctx.request.body not ctx.body :slight_smile:

Interesting, ctx.request.body is also undefined for me with a GraphQL Policy. Any other possible suggestions? Thanks

Using Strapi version 3.6.8