Apollo-client: Cookie being passed to client, but not being saved.

Created on 23 Oct 2018  ·  4 Comments  ·  Source: apollographql/apollo-client

Intended outcome:

A cookie should be set when a user logs in with correct credentials, which is passed from an Apollo Server.

Actual outcome:

The cookie is being passed through when the request is made but is not saving. This is the response header I am receiving:

HTTP/1.1 200 OK
X-Powered-By: Express
Access-Control-Allow-Origin: *
Vary: Origin
Access-Control-Allow-Credentials: true
Content-Type: application/json
Content-Length: 69
set-cookie: qid=s%3AFeHW_hFLhljXmjhL_9kBNXEwWC2m7JW6.feFgMXLto36a989IwOEz7uk6AEFNvDufVjNezQMKWcU; Path=/; Expires=Tue, 30 Oct 2018 14:59:54 GMT; HttpOnly
Date: Tue, 23 Oct 2018 14:59:54 GMT
Connection: keep-alive

The cookie is saved when I test it using GraphQL Playground without the front-end.

How to reproduce the issue:

Server:

app.use(
    cors({ 
        origin: 'http://localhost:3000',
        credentials: true,
    })
);

app.use(
    session({
        store: new RedisStore({
            client: redis
        }),
        name: "sid",
        secret: process.env.SESSION_SECRET,
        resave: false,
        saveUninitialized: false,
        cookie: {
            httpOnly: true,
            secure: false,
            maxAge: 1000 * 60 * 60 * 24 * 7
        }
    })
);

Client:

const client = new ApolloClient({
    link: new HttpLink({
        uri: 'http://localhost:8080/graphql',
        credentials: 'same-origin'
    }),
    cache: new InMemoryCache()
});

Versions

Server:

    "apollo-server-express": "^2.1.0",
    "express-session": "^1.15.6",
    "express": "^4.16.4",

Client:

    "apollo-cache-inmemory": "^1.3.6",
    "apollo-link-context": "^1.0.9",
    "apollo-link-error": "^1.1.1",
    "apollo-client": "^2.4.3",
    "apollo-link-http": "^1.5.5",


All 4 comments

This is an issue with my CORS setup, still haven't fixed it.

Solved it by removing the app.use cors, and instead doing this:

const corsOptions = { credentials: true, origin: 'http://localhost:3000', };

server.applyMiddleware({ app, cors: corsOptions });

In case it's of help to anyone else:

It only started to work for me when I:

  • Had Access-Control-Allow-Origin set to http://localhost:MY_FRONTEND_PORT on the backend
  • Had credentials: 'include' in my createHttpLink configuration

Using Access-Control-Allow-Origin: * specifically did not work.

I spent too much time on this... This sort of thing seems pretty fundamental.
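
A simplified model of the browser rules behind the behaviour in this thread, as an added example that is not part of the issue or of the Apollo project: given the page origin, the link's `credentials` mode and the response headers, it reports whether the session cookie can work. The names `evaluateCookieFlow`, `header` and `CASES` are illustrative, the sample inputs are constructed from the values quoted above, and the model follows the Fetch standard's CORS check while ignoring preflight and SameSite handling.

```javascript
// Simplified model of the Fetch-standard rules behind this thread (added example;
// not Apollo or Express code). Preflight and SameSite handling are out of scope.

// Case-insensitive header lookup; returns null when the header is absent.
function header(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? null : String(headers[key]).trim();
}

// What a browser does with the response to fetch(apiUrl, { credentials }).
function evaluateCookieFlow({ pageOrigin, apiUrl, credentials, responseHeaders }) {
  const origin = new URL(pageOrigin).origin;            // scheme + host + port
  const sameOrigin = new URL(apiUrl).origin === origin;

  // Cookies are sent, and Set-Cookie honoured, only when credentials are included.
  const credentialsIncluded =
    credentials === 'include' || (credentials === 'same-origin' && sameOrigin);

  // CORS check applied to cross-origin responses.
  const allowOrigin = header(responseHeaders, 'Access-Control-Allow-Origin');
  const allowCreds = header(responseHeaders, 'Access-Control-Allow-Credentials');
  let corsOk;
  if (sameOrigin) corsOk = true;
  else if (allowOrigin === null) corsOk = false;
  else if (credentials !== 'include') corsOk = allowOrigin === '*' || allowOrigin === origin;
  else corsOk = allowOrigin === origin && allowCreds === 'true'; // "*" never matches here

  let reason = 'ok';
  if (!credentialsIncluded) reason = 'credentials mode excludes cookies for this request';
  else if (!corsOk) reason = 'CORS check failed: needs the exact origin plus Allow-Credentials: true';
  return { credentialsIncluded, corsOk, sessionCookieWorks: credentialsIncluded && corsOk, reason };
}

// Constructed cases mirroring the configurations discussed in the thread.
const page = 'http://localhost:3000';
const api = 'http://localhost:8080/graphql';
const wildcard = { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Credentials': 'true' };
const exact = { 'Access-Control-Allow-Origin': page, 'Access-Control-Allow-Credentials': 'true' };
const CASES = {
  asReported: evaluateCookieFlow({ pageOrigin: page, apiUrl: api, credentials: 'same-origin', responseHeaders: wildcard }),
  wildcardInclude: evaluateCookieFlow({ pageOrigin: page, apiUrl: api, credentials: 'include', responseHeaders: wildcard }),
  exactInclude: evaluateCookieFlow({ pageOrigin: page, apiUrl: api, credentials: 'include', responseHeaders: exact }),
};
for (const [name, r] of Object.entries(CASES)) console.log(name, r.sessionCookieWorks, '-', r.reason);
```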

Hi,

Sorry to revive this but I'm also running into this issue, and the above steps don't seem to be solving it. Like the above, my cookie is stored locally but a browser refresh (or closing the tab and reopening it) causes the cookie to be deleted/destroyed. I believe this is down to the createHttpLink uri being a subdomain (api.mydomain.xyz) because my graphql server is running on a subdomain, but I don't know how to fix this or why this is happening.

I am using Apollo Client (2.6.8) and apollo-server-express (2.11.0) with the following configuration. I am not using apollo boost's ApolloClient:

// Client Side

  const httpLink = createHttpLink({
    uri: process.env.NODE_ENV === 'production' ? 'https://api.mydomain.xyz/' : 'http://127.0.0.1:4000',
    credentials: 'include',
    fetch
  })

// Server Side

  app.use(
    cors({
      credentials: true,
      origin: process.env.NODE_ENV === 'production' ? 'https://mydomain.xyz' : 'http://127.0.0.1:3000'
    })
  );

apolloServer.applyMiddleware({ app, path: '/', cors: false });

The reason I say that I think this is down to the createHttpLink uri is because if I change the uri for local to http://localhost:4000 (rather than http://127.0.0.1:4000) I get the same issue happening on localhost - the cookie is stored but then is deleted/destroyed if I refresh.
