Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Request cookies not being passed when `same-origin` is set.

See original GitHub issue

Intended outcome: Want request cookies to be sent with query when same-origin is set.

Actual outcome: I followed the new docs for Authentication but the Request Cookies are not being passed.

This worked before upgrading and I haven’t changed any code besides what was in the migration guide.

Code from 1.0.1 (worked fine, Request cookie is passed and came back with data)

import { ApolloProvider } from 'react-apollo'
import ApolloClient, { createNetworkInterface } from 'apollo-client'

const networkInterface = createNetworkInterface({
  uri: '/graphql',
  opts: {
    credentials: 'same-origin',
  },
});

const client = new ApolloClient({
  networkInterface,
});

const Root = () => {
  return (
    <ApolloProvider client={ client }>
      <Header />
    </ApolloProvider>
  );
};

ReactDOM.render(<Root />, document.querySelector('#root'));

Network tab: screen shot 2017-10-31 at 2 35 43 pm

Updated code to reflect 2.0.1 API:

import ApolloClient from 'apollo-client'
import { ApolloProvider } from 'react-apollo'
import { createHttpLink } from 'apollo-link-http'
import { InMemoryCache } from 'apollo-cache-inmemory'

import Header from './components/Header'

const link = createHttpLink({
  uri: '/graphql',
  opts: {
    credentials: 'same-origin',
  },
});

const client = new ApolloClient({
  cache: new InMemoryCache(),
  link
});

const Root = () => {
  return (
    <ApolloProvider client={ client }>
      <Header />
    </ApolloProvider>
  )
}

ReactDOM.render(<Root />, document.querySelector('#root'));

Network Tab: screen shot 2017-10-31 at 2 36 14 pm

How to reproduce the issue: Upgrade and use createHttpLink with opts: { credentials: ‘same-origion’ } and see no Request cookie passed. I’m using express-session on the backend, and have tried using cors as mentioned in the docs but to no avail.

I’m not sure how to better debug but would love to know how so I can help fix it (if it is a problem). I could be messing something up but only upgrade-to-2.0 code changed so it seems suspect.

Version

  • apollo-client@2.0.1

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Comments:31 (2 by maintainers)

github_iconTop GitHub Comments

7reactions
chriskolenkocommented, Feb 28, 2018

I moved to credentials: ‘include’

same-origin will check scheme, hostname and port.

After switching to ‘include’ I also had to fix up my CORS.

2reactions
francisngocommented, Feb 14, 2018

In some docs. it says to use HttpLink : import { HttpLink } from 'apollo-link-http'; and in some other part of the docs (in migration) it says to use createHttpLink : import { createHttpLink } from 'apollo-link-http'. I tried both but the request cookies are still not passing.

Here is what I have.

import React from 'react';
import ReactDOM from 'react-dom';
import { ApolloClient } from 'apollo-client';
import { HttpLink } from 'apollo-link-http';
import { InMemoryCache } from 'apollo-cache-inmemory';
import { ApolloProvider } from 'react-apollo';
import { BrowserRouter as Router, Route } from 'react-router-dom';

import App from './components/App';

const httpLink = new HttpLink({
  uri: '/graphql',
  credentials: 'same-origin'
});

const client = new ApolloClient({
  link: httpLink,
  cache: new InMemoryCache({
    dataIdFromObject: object => object.id || null
  })
});
Read more comments on GitHub >

github_iconTop Results From Across the Web

Set cookies for cross origin requests - Stack Overflow
For production environment, you need to set sameSite to none for cross-origin request and secure to true . Remember sameSite works with express...
Read more >
7 Keys to the Mystery of a Missing Cookie - Medium
7 Keys to the Mystery of a Missing Cookie · 1. SameSite attribute Defaults to Lax · 2. withCredentials is not Set to...
Read more >
Same-origin policy - Web security | MDN
The same-origin policy is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a ......
Read more >
Why third-party cookies are NOT sent where you think they ...
If unspecified, it defaults to the same origin that set the cookie, excluding subdomains. If Domain is specified, then subdomains are always included....
Read more >
Cookie same origin policy
Review: Same Origin Policy (SOP) for DOM: ... Delete cookie by setting “expires” to date in past ... Does not see which domain...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Optimistic option on ApolloClient.readQuery

Next page

Async Middleware (with ApolloLink)