POST based url-encoded query (possible CSRF)

Updated: October 30, 2025

Description

Severity: Medium

The GraphQL endpoint accepts non-JSON request bodies, such as application/x-www-form-urlencoded data, on POST requests and parses them as GraphQL operations.

This exposes the endpoint to Cross-Site Request Forgery (CSRF). Browsers send a POST whose Content-Type is application/x-www-form-urlencoded, multipart/form-data or text/plain as a CORS "simple request": no preflight is performed, and the victim's cookies (or other ambient credentials) are attached automatically. A plain HTML form on an attacker-controlled page can therefore submit a query or mutation to the endpoint in the victim's session, without the attacker ever reading the response. A JSON body cannot be sent this way, because application/json is not a simple content type and forces a preflight that the server can reject.

Remediation

Ensure that the GraphQL API only accepts JSON-encoded operations in the request body: reject any POST whose Content-Type media type is not application/json (ignoring parameters such as charset) with an HTTP 415 before the body is parsed. Some GraphQL servers offer an equivalent built-in option, such as Apollo Server's csrfPrevention, which additionally allows requests carrying a custom header that itself triggers a preflight.

This control only holds if the CORS policy does not reflect arbitrary origins with credentials. Setting the SameSite attribute on session cookies and requiring an anti-CSRF token for state-changing operations provide defence in depth.
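The following is an added example, not code from the original page or from any particular GraphQL server. It contrasts a hypothetical permissive body parser (the vulnerable behaviour described above, which turns a form post into an operation) with a strict parser that accepts only application/json, and includes a constructed forged form body of the kind a cross-site page could submit. The operation name updateEmail and the helper names are assumptions for illustration.

```javascript
// Added example (not the page's or any project's own code).
//
// Browsers send "simple" cross-origin POSTs (Content-Type of
// application/x-www-form-urlencoded, multipart/form-data or text/plain)
// without a CORS preflight and with the victim's cookies attached. A JSON
// body is not "simple", so a cross-site page cannot deliver it without a
// preflight the server can refuse.
const SIMPLE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// Extract the media type from a Content-Type header, dropping parameters
// such as "; charset=utf-8" and normalising case.
function mediaType(contentType) {
  if (typeof contentType !== 'string') return '';
  return contentType.split(';')[0].trim().toLowerCase();
}

// Is this a CORS "simple" content type, i.e. one a browser will send
// cross-origin with no preflight?
function isSimpleContentType(contentType) {
  return SIMPLE_CONTENT_TYPES.has(mediaType(contentType));
}

// Vulnerable behaviour (hypothetical): the endpoint decodes whatever body it
// receives, so a URL-encoded form post becomes a GraphQL operation.
// `body` is the raw request body, `contentType` its Content-Type header.
function parseGraphqlBodyPermissive(body, contentType) {
  if (mediaType(contentType) === 'application/json') {
    return JSON.parse(body);
  }
  // Lenient fallback: treat the body as form data.
  const params = new URLSearchParams(body);
  if (!params.has('query')) return null;
  return {
    query: params.get('query'),
    variables: params.has('variables')
      ? JSON.parse(params.get('variables'))
      : undefined,
  };
}

// Hardened behaviour (remediation): only application/json is accepted.
// Throws an error carrying status 415 for anything else, before the body
// is interpreted at all.
function parseGraphqlBodyStrict(body, contentType) {
  const type = mediaType(contentType);
  if (type !== 'application/json') {
    const err = new Error(`Unsupported Media Type: ${type || '(none)'}`);
    err.status = 415;
    throw err;
  }
  return JSON.parse(body);
}

// Constructed example of what a cross-site page could submit with a plain
// <form method="POST"> (no JavaScript needed); the browser would add the
// victim's session cookie to this request.
const forgedFormBody = new URLSearchParams({
  query: 'mutation { updateEmail(email: "attacker@example.com") { ok } }',
}).toString();
const forgedContentType = 'application/x-www-form-urlencoded';

// Stand-alone demonstration.
console.log('simple type:', isSimpleContentType(forgedContentType));
console.log('permissive parser accepts:',
  parseGraphqlBodyPermissive(forgedFormBody, forgedContentType));
try {
  parseGraphqlBodyStrict(forgedFormBody, forgedContentType);
} catch (e) {
  console.log('strict parser rejects with', e.status, e.message);
}
```

The strict parser checks the media type rather than attempting to parse the body as JSON: a body such as `{"query":...}` delivered under text/plain would otherwise still parse, and text/plain is exactly the content type a cross-site form can send.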