Apollo Server 3 Cookie Issue #5775
Comments
|
Hi @gorkemgunay, sorry for the trouble you're having. I just want to make sure - this isn't related to upgrading to ASv3, correct? Can you please provide me with a reproduction that demonstrates the issue? Ideally a repository that I clone with instructions on how to see the issue you're experiencing. Thanks! |
|
Hi @trevor-scheer, I don't know the CORS issue related to apollo server v3. When i use "Postman" i change my cors settings like that I commented secure:true option and "https://studio.apollographql.com" origin and it's work for postman. Here is the cookie result:
Also I tried for apollo-server v3 for these settings. Secure:true and origin is "https://studio.apollographql.com". I commented the "http://localhost:4000/graphql". But this is not work. I didn't understand. As you can see my cookie doesn't show. I really don't know what the problem is.
|
|
Hi @gorkemgunay Unfortunately browsers require that |
|
the problem is also complicated by http://localhost not being able to set a secure cookie, regardless of the setting expressjs/cookie-session#71 (comment)
💭 this is indeed problematic for local development with cookie-based auth |
|
It looks like at least as of Chrome 89, Chrome will allow http://localhost to set a secure cookie despite being on HTTP rather than HTTPS Based on how Verified that looks like what the code is doing here - https://github.com/expressjs/session/blob/a8641429502fcc076c4b2dcbd6b2320891c1650c/index.js#L231-L243 (if In that case, I think these two steps might make this work
|
|
looks like there's an open issue on express-session to allow setting secure cookies on localhost here expressjs/session#837 should hopefully be a cleaner solution once that resolves |
|
Hi @cheapsteak, firstly thank you so much for your well explained comments. I added This solution is work. Here is the cookie. But I have a quesiton. If a deploy this app to https website (production) will it still set my cookie? I think i should delete this part for production |
|
Woot, glad that worked! I would definitely recommend not deploying that line to production If your production site is served from HTTPS, it shouldn't need it Can you perhaps add a check for some environment variable so it only runs that line when run locally? |
|
Hi @cheapsteak, thank you, I will add the |
|
Sounds like you've figured this out! I'm going to close the issue. |
|
I had the same issue, and I followed the steps mentioned above. and then It works. |
|
I did the following, but it is not working anymore, does anyone have a clue where to place app.set in the code above? |
|
|
|
that's exactly where I placed the code @pyDjangoDev |
So it's not working? |
|
|
|
I've set to "true", but I'm !prod, of course |
|
|
|
import "reflect-metadata" import redis from "redis"; import { MyContext } from "./types"; const main = async () =>{ ) const apolloServer = new ApolloServer({ await apolloServer.start(); app.listen(4000, () => { // const post = orm.em.create(Post, {title: "fuck"} ); // const posts = await orm.em.find(Post, {}); } main().catch(err =>{ |
|
please try to set |
|
|
|
@pyDjangoDev , setted, but not working also. Where can I put the headers in my code? |
https://github.com/pyDjangoDev/apollo-express-typeorm-blog/blob/main/src/index.ts |
|
Tried the code above, where the "httpServer" is imported from? |
|
|
|
|
But it's not related to your problem. |
|
Ok, I open the graphql, make my login, but the cookie is not stored, changed the request.credentials to "include" |
|
|
|
ok, got it! Thanks for the help @pyDjangoDev. Here is what we did:
|
Anyway, but it has to work with Apollo Studio. |
Yeah, but I don't know where to place the header part of the code, the "x-forwarded-proto" |
|
Made your changes, restarted Apollo, not working |
This issue is already closed. |
|
I really don't understand, not working for me yet with Apollo, but I will post here if I can make It work. Thank you for your support! I would enjoy to collaborate with you |
You are welcome. |
|
hello,i had randomly changed many of the settings along the way, Finally I made it worked in the my windows, for some reason I had to switch it over to Linuz and founded myself doing the same thing like changing randomly so i gooogled like for a week now and i guess founded a solution, i don't know you guys solved id or not. first of all i tried with the play ground as you know the studio is new and all --> i followed the above code, so sol is with introspection on, the studio is live but cookies not being setthis also dosn't set the cookiebut those settings are correct i guess for the production and also for the devso i made the cors on the apollo server false and along with the default cors option included the url in the originhere is the full code.. if anything wrong with what im saying --> pls correct it. im just a newbie. |
|
Cors = False, you mean credentials = false? I do not see that change in the code above |
|
|
|
I think that the new option to embed the landing page solves many of these problems: https://www.apollographql.com/docs/studio/explorer/embed-explorer/#embedding-on-the-apollo-server-landing-page |
|
Try passing the code below in should be at plugins |
|
No need to set trust proxy & cors Solution as per Apollo GraphQL Docs Includes plugins in ApolloServer contructor // make sure to enable include cookies |
Can you show us the code please the request.credentials is it from the back end or frontend |
Facing the same issue , studio is live but still can't find the cookie in request headers. By any chance did you get any solution in this |
|
@jyoVerma15 I'd be happy to help you if you provide some more details. Can you share a reproduction? |
I am trying to access the cookie in the context function as request headers. We are using the apollo-server package and added the cors settings and enabled cookies option in explorer and added sameSite and secure attributes but still I am getting the cookie value as undefined in the request headers in context. const server = new ApolloServer({
|
|
@jyoVerma15 It looks like you have everything in place, but there's one gotcha here. Browsers won't let you set the However, if your server sends a cookie using a proper {
async requestDidStart() {
return {
async willSendResponse({ response }) {
response.http?.headers.set(
"Set-Cookie",
"abcdefg=mycookie; SameSite=None; Secure"
);
},
};
},
},The |
Thank a lot @trevor-scheer for the solution , but this didn't work for me, as a workaround I just used Requestly chrome extension( modify headers rule) to pass the cookie from request headers for my testing. |
|
@jyoVerma15 I'm glad you got something to work for you. If you want to troubleshoot why my workaround didn't solve the issue for you, I'd need to know what behavior you're seeing now and what changed when you added the plugin. (does your browser see the |
|
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
I'm trying to do an authentication system with graphql and I want to use cookies (express-session). I'm using apollo-server-express and my goal is to save the user cookie. I checked in postman and its worked but not working in apollo server 3. What do i need to change for work in apollo server 3?
My cookie setting is on.
my code is here
I changed the cors options to this and delete secure:true part for postman. It's work in postman.
The text was updated successfully, but these errors were encountered: