graphql-playground Cors

Cors

Open timrs2998 opened this issue 6 years ago • 11 comments

This issue pertains to:

[x] GraphQL Playground - Electron App
[ ] GraphQL Playground
[ ] GraphQL Playground Middleware

What OS and OS version are you experiencing the issue(s) on?

macOS Sierra 10.12.6

What version of graphql-playground(-electron/-middleware) are you experience the issue(s) on?

GraphQL Playground 1.3.0

What is the expected behavior?

Origin header should not be sent, or should be electron://graphiql-app (to match GraphiQL), so CORS can effectively be enabled by GraphQL servers.

What is the actual behavior?

Using devtools in GraphQL Playground, it sends a request header Origin:null.

What steps may we take to reproduce the behavior?

Open GraphQL Playground App, Toggle Developer Tools and open the network tab, and look for the request headers.

Dec 01 '17 15:12 timrs2998

I noticed this can't be overridden by the headers tab in Playground. Might it be desirable to allow that, at least for requests to localhost/127.0.0.1?

I'm willing to work on this and would love some more feedback.

Jul 25 '18 00:07 tjpeden

My server will also reject any request containing null origin. A fix was made for this same issue in graphiql-app and playground should do the same thing: https://github.com/skevy/graphiql-app/pull/66/files

main.js

electron.session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => {
    details.requestHeaders['Origin'] = 'electron://graphql-playground';
    callback({ cancel: false, requestHeaders: details.requestHeaders });
  });

As a workaround one can use the local webpage version: https://github.com/prisma/graphql-playground#as-html-page

Aug 29 '18 17:08 Enalmada

What is the expected behavior? Origin header should not be sent, or should be electron://graphiql-app (to match GraphiQL), or should be the value set for a matching "Origin" header in the HTTP Headers panel, so CORS can effectively be enabled by GraphQL servers.