graphql-playground icon indicating copy to clipboard operation
graphql-playground copied to clipboard

Published 20 hours ago • verified publisher icon graphql

subscription request not sending additional http headers

Open NikkyAI opened this issue 3 years ago • 4 comments

This issue pertains to the following package(s):

  • [ ] GraphQL Playground - Electron App
  • [ ] GraphQL Playground HTML
  • [ ] GraphQL Playground
  • [ ] GraphQL Playground Express Middleware
  • [ ] GraphQL Playground Hapi Middleware
  • [ ] GraphQL Playground Koa Middleware
  • [ ] GraphQL Playground Lambda Middleware

What version of graphql-playground(-electron/-middleware) are you experiencing the issue(s) on?

whatever is delivered by `cdn.jsdelivr.net/npm/graphql-playground-react/build/static/js/middleware.js

What is the expected behavior?

HTTP headers added to /subscriptions request eg: custom Authentication header

What is the actual behavior?

no Authentication header being added

What steps may we take to reproduce the behavior?

add headers and inspect /subscriptions websocket request via browser tools

might be duplicate of #1296

NikkyAI avatar Jan 12 '21 16:01 NikkyAI

Websockets cannot send headers, the spec doesn't allow it and browsers don't support it.

When you connect a subscription, rather than sending Authorization as a header, Playground sends it with the 'payload' it sends during connection. (so you'd get an object like {"Authorization": "Bearer ...", ...})

How you handle this depends on your backend. I was able to parse and handle it in ASP.Net Core with HotChocolate, validate the JWT and pass the UserId forward for my subscription endpoints to use by hooking HotChocolate's OnConnect event for the websocket.

bizzycola avatar Mar 19 '21 16:03 bizzycola

@bizzycola what about sending the headers object as default subscription init payload? I think that would fit most users needs.

Speaking of subscription payloads. Whats the correct way to configure them in Playground? Did not yet found one.

lanwin avatar Apr 23 '21 10:04 lanwin

@lanwin That could be a viable way to handle it. I've not tested if Playground includes any headers other than Authorization in the payload so could be worth a try.

A way to configure the payload would also be useful, and hopefully not too hard to implement.

bizzycola avatar Apr 23 '21 23:04 bizzycola

Hello! I ran into this issue today.

I understand that Websockets do not have a concept of headers, but neither does it have a concept of cookies, and they are being sent along using the intial HTTP exchange. So it would be very handy if headers could be included as well.

bartenra avatar Jun 07 '21 10:06 bartenra