graphene-django

Delay assignment of csrftoken in Graphiql

Open c-py opened this issue 3 years ago • 2 comments

The csrftoken is currently assigned only when graphiql.js is first loaded.

The current csrftoken can be rotated by Django, for instance when a user logs in. rotate_token performs the rotation.

When this happens, the csrftoken held by graphiql.js is invalid and Graphiql will receive CSRF errors.

This PR delays the assignment of the csrftoken by moving it into the httpClient function so when the csrftoken is rotated by Django, Graphiql can pick up the new token from the cookies.

c-py avatar Jan 19 '22 03:01 c-py
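The behaviour described in the PR above, as an added example that is not part of the original thread or graphene-django's own code. It contrasts reading the csrftoken cookie once at load with reading it inside the client call. The cookie jar, the `serverAccepts` check (a simplified stand-in for Django's CSRF validation) and all function names are assumptions made for illustration.

```javascript
// Constructed stand-in for document.cookie so the example runs under Node.
const jar = { cookie: "sessionid=abc; csrftoken=token-before-login" };

// Parse one cookie value out of a "k=v; k2=v2" cookie string.
function getCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Simplified stand-in for the server check (assumption): the header must
// match the token currently held in the cookie.
function serverAccepts(headers) {
  return headers["X-CSRFToken"] === getCookie(jar.cookie, "csrftoken");
}

// Before: token read once when the script loads, reused for every request.
function makeEagerClient() {
  const csrftoken = getCookie(jar.cookie, "csrftoken");
  return () => serverAccepts({ "X-CSRFToken": csrftoken });
}

// After: token read inside the client call, so a rotated cookie is picked up.
function makeLazyClient() {
  return () =>
    serverAccepts({ "X-CSRFToken": getCookie(jar.cookie, "csrftoken") });
}

// Run both clients before and after a simulated rotation (e.g. on login).
function demo() {
  jar.cookie = "sessionid=abc; csrftoken=token-before-login";
  const eager = makeEagerClient();
  const lazy = makeLazyClient();
  const before = { eager: eager(), lazy: lazy() };
  jar.cookie = "sessionid=xyz; csrftoken=token-after-login";
  const after = { eager: eager(), lazy: lazy() };
  return { before, after };
}

console.log(demo());
```
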

@keithhackbarth Do you happen to know what I should do to merge this PR? I'm not authorized to do so and the build status is still in orange.

c-py avatar Feb 21 '22 23:02 c-py

Ran into this issue, would be great if this can be merged and included in a future release!

edwinvandeven avatar Apr 16 '22 07:04 edwinvandeven