1

I've got a Relay setup from howtographql tutorial:

const network = Network.create((operation, variables) => {
  // 4
  return fetch(GRAPHQL_URL, {
    method: 'POST',
    headers: {
      Accept: 'application/json',
      'Content-Type': 'application/json',
    },
    credentials: 'same-origin', // <- added it to enable cookies, but it's a probably a default option anyway
    body: JSON.stringify({
      query: operation.text,
      variables,
    }),
  }).then(response => {
    return response.json();
  });
});

I want Relay to attach a cookie to its request but it doesn't work even when I added credentials: 'same-origin'. Here's the similar issue on GitHub (even though it's more about the auth component, so this question should have a simple solution).

Ouroborus
  • 16,237
  • 4
  • 39
  • 62
A. Karnaval
  • 727
  • 2
  • 8
  • 12
  • cookies are bound to the browser via path, domain, expiry date and https status, meaning on backend you set the cookie via the response (server to browser) then when any request made from the frontend to the api/backend the cookie will be included by default, then check the cookie to do all your magic – Dean Van Greunen Jul 09 '19 at 18:20
  • @DeanVanGreunen that makes sense but I'm 100% sure the client sends a request with a cookie to a server. – A. Karnaval Jul 09 '19 at 19:36
  • Possible duplicate of [Cookies not getting passed in mobile browser in graphql request through relayjs](https://stackoverflow.com/questions/42379873/cookies-not-getting-passed-in-mobile-browser-in-graphql-request-through-relayjs) – Ouroborus Jul 09 '19 at 19:43
  • @Ouroborus that's the solution for Relay but I'm using Relay Modern here. – A. Karnaval Jul 09 '19 at 19:46
  • @A.Karnaval I don't see that `credentials` functions differently between the two. Have you tried `credentials:'include'` as the answer suggests? – Ouroborus Jul 09 '19 at 19:54
  • @Ouroborus I did: Access to fetch at 'http://localhost:4000/' from origin 'https://0.0.0.0:3005' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. – A. Karnaval Jul 09 '19 at 19:55
  • @A.Karnaval Based on that, the problem isn't the cookie, it's the requests. Sounds like you need to set the `Access-Control-Allow-Origin` header in the server responses (how you do this differs by server), or arrange for the domains and ports to match so that CORS isn't triggered. As for `same-origin`, I imagine it's not working also because of the domain mismatch. – Ouroborus Jul 09 '19 at 20:04
  • @Ouroborus thanks for the suggestion, but it still doesn't pass a cookie (if I run Chrome with no-security to avoid _CORS_ errors). I don't really understand your suggestion thought: AFAIK the workflow is client request (the cookie is present) -> frontend -> relay's request -> graphql server (the cookie is missing at this point if I print out the whole request) – A. Karnaval Jul 09 '19 at 20:42
  • @A.Karnaval install this extesion [Edit This Cookie](http://www.editthiscookie.com/) in chrome – Dean Van Greunen Jul 10 '19 at 12:38
  • Did you solve this? Having a similar issue :( – Will Cowan Nov 19 '20 at 12:58

0 Answers0