凭据：“包括”未将cookie发送到api服务器。 [graphql-yoga] [apollo-client] [isomorphic-unfecth]

Question

设置 两个独立的应用程序：https://api.client.com和https://client.com

https://api.client.com是由now.sh托管的graphql-yoga服务器，用于接受graphql请求。

目标是使用apollo客户端使用凭据“ include”接受来自https://client.com的带有cookie附件的请求。

https://api.client.com的设置和配置：

const options: Options = {
  cors: {
    origin: ["https://client.com","http://localhost:3000"],
    credentials: true
  },
}

server.start(options, () => console.log('Server is running on http://localhost:4000'))

https://client.com设置和配置：

import fetch from 'isomorphic-unfetch';

const link = createHttpLink({
  uri: 'https://api.client.com',
  fetch,
  credentials: 'include',
});

这是我收到的请求和响应标头。 飞行前的选项：

**Response**
Request URL: https://api.client.com/
Request Method: OPTIONS
Status Code: 204 
Referrer Policy: no-referrer-when-downgrade
access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://client.io
cache-control: s-maxage=0
content-length: 0
date: Fri, 06 Dec 2019 01:49:22 GMT
server: now
status: 204
strict-transport-security: max-age=63072000
vary: Origin, Access-Control-Request-Headers
x-now-id: iad1:so1:rt29b-157
x-now-trace: iad
x-powered-by: Express

**Request**
:authority: api.client.com
:method: OPTIONS
:path: /
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
access-control-request-headers: content-type
access-control-request-method: POST
cache-control: no-cache
origin: https://client.io
pragma: no-cache
referer: https://client.io/explore
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.70 Safari/537.36

这是直接从apollo客户端发出的发帖请求：

**Response**
Request URL: https://api.client.com/
Request Method: POST
Status Code: 200 
Remote Address: 3.210.90.207:443
Referrer Policy: no-referrer-when-downgrade
access-control-allow-credentials: true
access-control-allow-origin: https://client.com
cache-control: s-maxage=0
content-length: 159
content-type: application/json
date: Fri, 06 Dec 2019 01:49:24 GMT
server: now
status: 200
strict-transport-security: max-age=63072000
vary: Origin
x-now-id: iad1:sfo1:wlmw-7b42681d
x-now-trace: iad1
x-powered-by: Express

**Request**
:authority: api.client.com
:method: POST
:path: /
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
content-length: 124
content-type: application/json
origin: https://client.com
pragma: no-cache
referer: https://client.io/explore
sec-fetch-mode: cors
sec-fetch-site: same-site
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.70 Safari/537.36

如您所见，没有发送任何cookie。所设置的Cookie如chrome中所示： Cookie being set

我看到了我可能搞砸的三个大潜在领域。 1. Apollo客户端或graphql-yoga中的配置选项。 2.使用同构unfecth和凭据可能不会发送。 3.我对CORS的了解不足导致我失败。

任何帮助或解释都将非常有帮助。

谢谢！