strapi-jwt-cookies

Add option to secure graphql route

Open ChristianBlom84 opened this issue 2 years ago • 3 comments

Is there a way to apply the cookie setting/getting to the graphql route as well?

We're using Apollo Client on the frontend and the graphql plugin. When I send a login mutation using the graphql, there are no cookies set, but they're set when I send the request to the /api/auth/local endpoint.

ChristianBlom84, Jan 27 '23 11:01

@ChristianBlom84 have you tried explicitly telling Apollo Client to pass cookies along as described here?

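import { ApolloClient, InMemoryCache, createHttpLink } from '@apollo/client';

// HTTP link for the GraphQL endpoint; `credentials` controls whether the
// browser attaches cookies to the request.
const link = createHttpLink({
  uri: '/graphql',
  credentials: 'same-origin' // 👈
});

const client = new ApolloClient({
  cache: new InMemoryCache(),
  link,
});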

callmephilip, Nov 08 '23 17:11

I guess I have misread the original post - I guess the issue is with the SERVER not setting cookies correctly. @bwyx how would you approach fixing this? Does this require intercepting all graphql requests and then inspecting query/mutation?

callmephilip, Nov 08 '23 17:11

I guess a workaround for now would be to login via REST API and then rely on cookie setting via credentials: 'same-origin'

callmephilip, Nov 08 '23 17:11
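
One way the server-side interception asked about above could look, as an added example that is not code from strapi-jwt-cookies or from anyone in this thread. It assumes a Koa-style `(ctx, next)` middleware, a GraphQL endpoint at `/graphql`, a login response shaped `data.<field>.jwt`, and a placeholder cookie name.

```javascript
// Added example, not the plugin's code. COOKIE_NAME and the '/graphql' path
// are assumptions for illustration.
const COOKIE_NAME = 'jwt_example'; // hypothetical cookie name
const COOKIE_OPTS = { httpOnly: true, sameSite: 'strict', secure: true, path: '/' };

// Inbound: promote the cookie to a bearer header so the normal JWT check runs.
// An explicit Authorization header sent by the client is left untouched.
function cookieToAuthHeader(ctx) {
  const token = ctx.cookies.get(COOKIE_NAME);
  if (token && !ctx.request.headers.authorization) {
    ctx.request.headers.authorization = `Bearer ${token}`;
  }
}

// Outbound: look for a { jwt } payload under any top-level field of `data`,
// so an aliased login mutation is still caught without parsing the query.
// The token moves to an HttpOnly cookie and is nulled in the body, so page
// scripts never see it.
function captureLoginJwt(ctx) {
  const wasString = typeof ctx.body === 'string';
  let payload = ctx.body;
  if (wasString) {
    try { payload = JSON.parse(ctx.body); } catch { return false; }
  }
  const data = payload && payload.data;
  if (!data || typeof data !== 'object') return false;
  let found = false;
  for (const field of Object.values(data)) {
    if (field && typeof field === 'object' && typeof field.jwt === 'string') {
      ctx.cookies.set(COOKIE_NAME, field.jwt, COOKIE_OPTS);
      field.jwt = null;
      found = true;
    }
  }
  if (found) ctx.body = wasString ? JSON.stringify(payload) : payload;
  return found;
}

// Only the GraphQL route is touched; every other request passes straight through.
async function graphqlCookieMiddleware(ctx, next) {
  if (ctx.path !== '/graphql') return next();
  cookieToAuthHeader(ctx);
  await next();
  captureLoginJwt(ctx);
}
```

Koa refuses to set a `secure` cookie on a connection it does not see as HTTPS, so behind a TLS-terminating proxy the app has to trust the proxy headers. With cookie auth on `/graphql`, the `sameSite` setting is what stops cross-site requests from carrying the session.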