Add notes for Jan 2024 WG (#285)

benjie · web-flow · commit 40b37111ad51 · 2024-01-29T09:49:35.000Z
diff --git a/working-group/notes/2024/2024-01.md b/working-group/notes/2024/2024-01.md
@@ -0,0 +1,29 @@
+# GraphQL-over-HTTP WG - 25th January 2024
+
+**Watch the replay**:
+https://www.youtube.com/watch?v=nHSixplvCc0&list=PLP1igyLx8foEz9127xc0SsabIrbTMt9g5
+
+Agenda:
+[https://github.com/graphql/graphql-over-http/blob/main/working-group/agendas/2024/2024-01-25.md](https://github.com/graphql/graphql-over-http/blob/main/working-group/agendas/2024/2024-01-25.md)
+
+## [Other keys are reserved](https://github.com/graphql/graphql-over-http/pull/278) (10m, Benjie)
+
+- We want to explicitly reserve the keys, extensions are meant for extending the
+  keys. We reserve the top-level shape (query, variables, extensions,
+  operationName). The paragraph needs to clarify this
+- It has been open for a while no-one has raised concerns
+
+## [Advancing the spec to stage 2](https://github.com/graphql/graphql-over-http/pull/275) (5m, Benjie)
+
+- Has been approved by the main wg
+- :tada: merged the pull request effectively putting us at stage 2
+
+## [Adding a section on security concerns](https://github.com/graphql/graphql-over-http/issues/280) (30m, Benjie)
+
+- We don’t need to re-iterate all the HTTP security concerns as they are covered
+  in different places
+- However we shouldn’t ignore this, especially for GraphQL pitfalls
+  - Example: particular media-types bypass CORS
+- Inquiring with David Griesser and Stellate for Security concerns
+- Generic HTTP security concerns
+- **ACTION** - Jovi: reach out to Apollo regarding Persisted operations
