Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CurrentUser query fails CORS #3812

Closed
Irev-Dev opened this issue Dec 1, 2021 · 3 comments
Closed

CurrentUser query fails CORS #3812

Irev-Dev opened this issue Dec 1, 2021 · 3 comments

Comments

@Irev-Dev
Copy link
Contributor

Irev-Dev commented Dec 1, 2021

When deploying an app that has authentication with serverless (the api is on a different domain with this setup) there seems to be a CORS issue that only effects the currentUser query.

Where as other queries using the same graphQL endpoint don't have the same problem. I had posted this on the forum, after which I strongly suspected this was a bug and not a config problem so thought making a minimum replicating project was the best way to proceed. See that project here.

https://github.com/Irev-Dev/redwood-serverless-cors-demo

It covers steps to replicate with the website I've deployed as will as what steps I took to make the project.

Other than the project I have tried to dig into this myself adding some extra logging to a deployed api to see if something strange was happening when deployed, so I logged out lambdaResponse in packages/graphql-server/src/functions/graphql.ts and checking in Cloudwatch showed the following:

    {
      body: '{"data":{"redwood":{"currentUser":null}}}',
      statusCode: 200,
      headers: {
        'access-control-allow-credentials': 'true',
        'access-control-allow-origin': '*'
      }
    }

So it seems the headers are been added but are lost somewhere along the way?
To be clear I'm happy to keep digging into this, but I'm not sure where to look other than packages/graphql-server/src/functions/graphql.ts now, so need some help.
@thedavidprice thedavidprice moved this to New issues in Triage Dec 1, 2021
@Irev-Dev
Copy link
Contributor Author

Irev-Dev commented Dec 2, 2021

Closing this issue because it's not a bug, extra steps in the serverless.yml are needed when using the graphql endpoint for auth/credentials.

'*' is not good enough for CORS for requests with credentials. this was the diff that fixed it for me in my test project.

image

Though @thedavidprice @virtuoushub does this have implications for the serverless setup commend? if we detect they have an auth provider we add this to the serverless config?

@Irev-Dev Irev-Dev closed this as completed Dec 2, 2021
Repository owner moved this from New issues to Done in Triage Dec 2, 2021
@Irev-Dev Irev-Dev mentioned this issue Dec 3, 2021
Merged
@thedavidprice
Copy link
Contributor

Though @thedavidprice @virtuoushub does this have implications for the serverless setup commend? if we detect they have an auth provider we add this to the serverless config?

💯

We should assume projects have Auth as the default.

@Irev-Dev could you add this topic as something to address/discuss on #3755?

Thanks!

@Irev-Dev Irev-Dev mentioned this issue Dec 7, 2021
Merged
@Irev-Dev
Copy link
Contributor Author

Irev-Dev commented Dec 7, 2021

@thedavidprice Done!

#3755 (comment)

@Irev-Dev Irev-Dev mentioned this issue Dec 10, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
No open projects
Triage
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thedavidprice @Irev-Dev