Graphql-playground: Cors

Created on 1 Dec 2017  路  6Comments  路  Source: graphql/graphql-playground

This issue pertains to:

  • [x] GraphQL Playground - Electron App
  • [ ] GraphQL Playground
  • [ ] GraphQL Playground Middleware

What OS and OS version are you experiencing the issue(s) on?

macOS Sierra 10.12.6

What version of graphql-playground(-electron/-middleware) are you experience the issue(s) on?

GraphQL Playground 1.3.0

What is the expected behavior?

Origin header should not be sent, or should be electron://graphiql-app (to match GraphiQL), so CORS can effectively be enabled by GraphQL servers.

What is the actual behavior?

Using devtools in GraphQL Playground, it sends a request header Origin:null.

What steps may we take to reproduce the behavior?

Open GraphQL Playground App, Toggle Developer Tools and open the network tab, and look for the request headers.

bu2-confirmed kinbug statupr-welcome
Source
picture timrs2998
👍6

Most helpful comment

I noticed this can't be overridden by the headers tab in Playground. Might it be desirable to allow that, at least for requests to localhost/127.0.0.1?

I'm willing to work on this and would love some more feedback.

picture tjpeden on 25 Jul 2018
5

All 6 comments

I noticed this can't be overridden by the headers tab in Playground. Might it be desirable to allow that, at least for requests to localhost/127.0.0.1?

I'm willing to work on this and would love some more feedback.

tjpeden picture tjpeden on 25 Jul 2018
5

My server will also reject any request containing null origin. A fix was made for this same issue in graphiql-app and playground should do the same thing:
https://github.com/skevy/graphiql-app/pull/66/files

main.js

electron.session.defaultSession.webRequest.onBeforeSendHeaders((details, callback) => {
    details.requestHeaders['Origin'] = 'electron://graphql-playground';
    callback({ cancel: false, requestHeaders: details.requestHeaders });
  });

As a workaround one can use the local webpage version: https://github.com/prisma/graphql-playground#as-html-page

Enalmada picture Enalmada on 29 Aug 2018

What is the expected behavior?
Origin header should not be sent, or should be electron://graphiql-app (to match GraphiQL), or should be the value set for a matching "Origin" header in the HTTP Headers panel, so CORS can effectively be enabled by GraphQL servers.

mxmlnglt picture mxmlnglt on 17 May 2019

Problem still exists. Pls add possibility to set it in HTTP Headers panel.

kolengri picture kolengri on 6 Dec 2019
👍3

+1

tanguyantoine picture tanguyantoine on 16 Jan 2020

+1

leonbe02 picture leonbe02 on 17 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

alex996 picture alex996  路  15Comments
gajus picture gajus  路  20Comments
marktani picture marktani  路  13Comments
anodynos picture anodynos  路  19Comments
gajus picture gajus  路  19Comments