API Security Blog

Shopify: Same the Url

## Summary:
I found the /graphql path and /performance_report with the POST method. When I create a page with the name /graphql, I am not allowed, on the grounds that it is reserved, but I can create a page with the name performance_report.
Although both use the same method, only /graphql cannot be created.

## Shops Used to Test:
https://linkpop.com/performance_report

## Steps To Reproduce:
1. Log in to https://linkpop.com
2. Create a page and use performance_report as the profile page URL.
3. It will be created successfully.

Best Regards,
@4bel

## Impact

It is clear that /performance_report should not be used like /graphql.
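
An added example, not part of the original report and not Linkpop's code: one way to avoid this kind of gap is to derive the reserved-name set from the application's own route table rather than a hand-maintained list, and to normalise slugs before comparing. The route-table structure and all function names are hypothetical; only the two paths come from the report.

```python
import unicodedata
from urllib.parse import unquote

# Assumed route table: only /graphql and /performance_report come from the
# report; the (method, path) structure itself is hypothetical.
APP_ROUTES = [
    ("POST", "/graphql"),
    ("POST", "/performance_report"),
]


def first_segment(path: str) -> str:
    """Normalise a path or slug to its comparable first segment."""
    decoded = unquote(path)  # undo percent-encoding such as %2F
    folded = unicodedata.normalize("NFKC", decoded).casefold()
    return folded.strip("/").split("/", 1)[0]


def reserved_slugs(routes) -> frozenset:
    """Derive reserved names from every registered route, any method."""
    return frozenset(first_segment(p) for _, p in routes) - {""}


def validate_slug(slug: str, routes=APP_ROUTES) -> tuple:
    """Return (ok, reason) for a user-chosen profile page slug."""
    name = first_segment(slug)
    if not name:
        return (False, "empty")
    if name in reserved_slugs(routes):
        return (False, "reserved")
    return (True, "ok")


def unreserved_routes(routes, denylist) -> list:
    """Audit helper: routes that a hand-maintained denylist fails to cover."""
    covered = {first_segment(d) for d in denylist}
    return sorted({p for _, p in routes if first_segment(p) not in covered})
```

Running `unreserved_routes` against the existing denylist in CI flags any newly added route whose name users could still claim as a page URL.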
