设置 两个独立的应用程序:https://api.client.com和https://client.com
https://api.client.com是由now.sh托管的graphql-yoga服务器,用于接受graphql请求。
目标是使用apollo客户端使用凭据“ include”接受来自https://client.com的带有cookie附件的请求。
https://api.client.com的设置和配置:
const options: Options = {
cors: {
origin: ["https://client.com","http://localhost:3000"],
credentials: true
},
}
server.start(options, () => console.log('Server is running on http://localhost:4000'))
https://client.com设置和配置:
import fetch from 'isomorphic-unfetch';
const link = createHttpLink({
uri: 'https://api.client.com',
fetch,
credentials: 'include',
});
这是我收到的请求和响应标头。 飞行前的选项:
**Response**
Request URL: https://api.client.com/
Request Method: OPTIONS
Status Code: 204
Referrer Policy: no-referrer-when-downgrade
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://client.io
cache-control: s-maxage=0
content-length: 0
date: Fri, 06 Dec 2019 01:49:22 GMT
server: now
status: 204
strict-transport-security: max-age=63072000
vary: Origin, Access-Control-Request-Headers
x-now-id: iad1:so1:rt29b-157
x-now-trace: iad
x-powered-by: Express
**Request**
:authority: api.client.com
:method: OPTIONS
:path: /
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
access-control-request-headers: content-type
access-control-request-method: POST
cache-control: no-cache
origin: https://client.io
pragma: no-cache
referer: https://client.io/explore
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.70 Safari/537.36
这是直接从apollo客户端发出的发帖请求:
**Response**
Request URL: https://api.client.com/
Request Method: POST
Status Code: 200
Remote Address: 3.210.90.207:443
Referrer Policy: no-referrer-when-downgrade
access-control-allow-credentials: true
access-control-allow-origin: https://client.com
cache-control: s-maxage=0
content-length: 159
content-type: application/json
date: Fri, 06 Dec 2019 01:49:24 GMT
server: now
status: 200
strict-transport-security: max-age=63072000
vary: Origin
x-now-id: iad1:sfo1:wlmw-7b42681d
x-now-trace: iad1
x-powered-by: Express
**Request**
:authority: api.client.com
:method: POST
:path: /
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
content-length: 124
content-type: application/json
origin: https://client.com
pragma: no-cache
referer: https://client.io/explore
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.70 Safari/537.36
如您所见,没有发送任何cookie。所设置的Cookie如chrome中所示: Cookie being set
我看到了我可能搞砸的三个大潜在领域。 1. Apollo客户端或graphql-yoga中的配置选项。 2.使用同构unfecth和凭据可能不会发送。 3.我对CORS的了解不足导致我失败。
任何帮助或解释都将非常有帮助。
谢谢!