CSRF on GraphQL endpoint


I am currently doing bug bounty on a company which uses GraphQL for their query language and would like to check if CSRF is possible. After playing around with Burp Suite, I have concluded the following:

  • Company doesn’t use a CSRF token when fetching data
  • Origin and Referer can be erased and request will still work

If the company is using JSON, I would be able to produce a PoC for CSRF, but because they are using GraphQL, I could produce a CSRF PoC for the following reason:

  • Every time the form ‘Content-Type’ is set to ‘text/plain’ and all the data has been set up inside my input form, a ‘=’ is appended at the end of the request body, like this:

    POST /HTTPT/1.1

    — Request Body —

    [ … ]=

– This equal sign caused the request to fail

Is there any way I could bypass this? Been looking for a while but got nothing. Thank you in advance!
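
The two conditions reported in the post (no CSRF token, and requests accepted with Origin and Referer stripped) are what a server-side gate in front of the GraphQL resolver should close. The following is an added example, not part of the original post and not the company's code; `ALLOWED_ORIGINS`, `originOf` and `checkGraphqlRequest` are hypothetical names, and `https://app.example.com` is a constructed value.

```javascript
// Added example: pre-execution CSRF gate for a GraphQL POST endpoint.
// ALLOWED_ORIGINS and checkGraphqlRequest are hypothetical names.
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]); // constructed value

// Reduce an Origin or Referer header value to scheme://host[:port].
function originOf(value) {
  try {
    return new URL(value).origin;
  } catch {
    return null; // malformed value, or the literal string "null"
  }
}

// headers: object with lower-cased names, as Node's http module delivers them.
function checkGraphqlRequest(method, headers) {
  if (method !== "POST") return { ok: false, reason: "method" };

  // HTML forms can only send urlencoded, multipart or text/plain bodies,
  // so requiring application/json keeps plain form posts out and makes
  // cross-origin fetch/XHR subject to a CORS preflight.
  const mediaType = (headers["content-type"] || "")
    .split(";")[0].trim().toLowerCase();
  if (mediaType !== "application/json") {
    return { ok: false, reason: "content-type" };
  }

  // Origin first, Referer as fallback. A request carrying neither header
  // is refused instead of being waved through (a policy assumption here).
  const source = headers["origin"] || headers["referer"];
  if (!source) return { ok: false, reason: "no-origin" };

  const origin = originOf(source);
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, reason: "origin" };
  }
  return { ok: true, reason: null };
}
```

The gate runs before the request body is parsed, so a rejected request never reaches query execution.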