Comments (7)
It should work fine but you need to make sure the batch plugin is applied last. The order of plugins is important here.
I don't have enough information here, can you post some code samples?
from villus.
I'm working with Laravel sanctums session cookies.
I made an authplugin which set the token as follows:
const authPlugin = definePlugin(({ opContext }) => {
const xsrf = RegExp('XSRF-TOKEN[^;]+').exec(document.cookie);
opContext.headers['X-XSRF-TOKEN'] = decodeURIComponent(
xsrf ? xsrf.toString().replace(/^[^=]+./, '') : ''
);
opContext.credentials = 'include';
});
My client I created looks like this:
export const client = createClient({
url: import.meta.env.VITE_GRAPH_URL,
cachePolicy: 'network-only',
use: [authPlugin, ...defaultPlugins()],
});
This works just fine but when i'm using the batch plugin like this:
export const client = createClient({
url: import.meta.env.VITE_GRAPH_URL,
cachePolicy: 'network-only',
use: [authPlugin, batch()],
});
My API returns a 419 no reason phase.
from villus.
I did however find out that in the request headers with the 1st setup a Cookie: XSRF-TOKEN gets send while with the batch plugin this doesn't happen.
Request headers:
Without batch:
POST /graphql/ HTTP/2
Host: xxx.lokal.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xxx.lokal.host/
content-type: application/json
X-XSRF-TOKEN: xxxx
Content-Length: 161
Origin: https://xxx.lokal.host
Connection: keep-alive
Cookie: XSRF-TOKEN=xxxxx
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
With batch:
POST /graphql/ HTTP/2
Host :xxx.lokal.host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xxx.lokal.host/
content-type: application/json
X-XSRF-TOKEN: xxxx
Content-Length: 239
Origin: https://xxx.lokal.host
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
from villus.
From what I can see in your example responses. The X-XSRF-TOKEN
seems to be there in both cases unless you mistakenly copied a different response.
I have a similar setup with a Rails server and it's working as expected. Is your server capable of handling batched queries?
If it is possible to set up a simple Laravel repo to test this issue that would be great, otherwise it will be guesswork on my part.
from villus.
It should be according to Lighthouse-PHP. I'll set up a simple laravel repo tomorrow to see if it is a problem in my current configuration.
Could it be possible the opContext.credentials = 'include'
isn't sticking for some reason? As there is a cookie object without the batch and with batch enabled this dissapears? I think Sanctum uses this as well to authenticate. If I remove it in my authplugin then I get the same behavior as with the batch plugin. In the batch plugin source I see you only spread the opContext.headers
in the fetch object and the opContext.credentials
do not get set. This is a hard requirement for Laravel/Sanctum
from villus.
I can confirm that with adding the credentials: opContext.credentials
it is fixed. I opened a PR for you to review.
from villus.
Thanks for #167 this resolves this issue indeed and I have added a test in 281aedd.
This is now released in 1.2.5
from villus.
Related Issues (20)
- SubscriptionForwarder Typescript issue with graphql-ws HOT 1
- useSubscription return old value when router.push is used HOT 1
- Query normalization with `useSubscription` HOT 1
- Feature request: hooks for data fetch HOT 5
- Deploying to Vercel Edge function
- Typing executeQuery/executeMutation when used in a different context
- Manually setting cache HOT 7
- Cache persist on IndexedDB? HOT 2
- refetchTags without making a mutation HOT 2
- When setting/changing variables in plugins, the (cache) key is not updated HOT 1
- Question: Villus with Mock Service Worker (msw) HOT 1
- Duplicate requests with Villus and Nuxt HOT 1
- The Pinia Example preview: "Loading..." HOT 1
- Fetch options HOT 1
- gql.tada HOT 3
- gql.tada / TadaDocumentNode types are not automatically infered HOT 5
- Why is the fetch method undefined in the Alipay applet?
- Network Bug with dedup HOT 1
- Typescript issue in subscription forwarder
- Testing Pinia-Store HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from villus.