Access-Control-Allow-Origin is always * when credentials is true

Posted on 2025-01-27 07:37:46

I am building a GraphQL API using apollo-server-express. I am using JWT and cookies for authentication, so in my CORS options credentials is set to true. The thing is, when credentials is set to true, Access-Control-Allow-Origin is always *; even if I set the origin in my CORS options, it still is *.

Here is my middleware:

app.use(
  cors({
    origin: "https://studio.apollographql.com",
    credentials: true,
  })
);
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json({ limit: "2mb" }));
app.use(cookieParser());

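To reproduce you need a GraphQL and Express server.

// Imports for the packages used below
// (typedefs, resolvers and ContextType come from the project's own modules)
import dotenv from "dotenv";
import express from "express";
import cors from "cors";
import bodyParser from "body-parser";
import cookieParser from "cookie-parser";
import { ApolloServer } from "apollo-server-express";

// Initialize dotenv
dotenv.config();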

// Get env variables
const PORT = process.env.PORT || 5000;

// Create express server
const app = express();

// Express server middleware
app.use(
  cors({
    credentials: true,
    origin: "https://studio.apollographql.com",
  })
);
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json({ limit: "2mb" }));
app.use(cookieParser());

// Create new apollo server
const gqlServer = new ApolloServer({
  typeDefs: [typedefs],
  resolvers: { ...resolvers },
  context: ({ req, res }: ContextType) => {
    // const { isValid, userData } = verifyToken(req.cookies?.xToken);

    return {
      // isLoggedIn: isValid,
      // userData: userData,
      req,
      res,
    };
  },
});

(async () => {
  await gqlServer.start();

  gqlServer.applyMiddleware({ app });

  app.listen(PORT, () => {
    console.log(`Server listening on port ${PORT}`);
  });
})();

Then you need to go to localhost:5000/graphql, tap query your server, and go to Apollo. In Apollo Studio, on the top left, where your URL is displayed (should be localhost:5000), there should be a little cog icon (settings icon); you can tap on that, then go to include cookies and set it on. That's it. If you go in dev tools at the network tab, you'll see CORS errors from your server localhost:5000 and the value of Access-Control-Allow-Origin is *. Btw, you need to set up some resolvers and type definitions.

Update

I solved the problem, I needed to apply the CORS middleware to my GraphQL server as well.

  gqlServer.applyMiddleware({
    app,
    cors: {
      origin: "https://studio.apollographql.com",
      credentials: true,
    },
  });
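
The check a browser applies to a response when the request includes cookies, as an added example that is not part of the original post: with credentials included, a wildcard `Access-Control-Allow-Origin` is rejected, the value must equal the requesting origin, and `Access-Control-Allow-Credentials` must be exactly `true`. The function name and the two sample header sets are assumptions constructed for illustration.

```javascript
// Added example: evaluates response headers the way a browser does for a
// credentialed (cookie-bearing) cross-origin request.
// checkCredentialedCors is a hypothetical helper, not part of any library.
function checkCredentialedCors(requestOrigin, responseHeaders) {
  // HTTP header names are case-insensitive, so normalize them first.
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const allowOrigin = h["access-control-allow-origin"];
  const allowCreds = h["access-control-allow-credentials"];

  if (allowOrigin === undefined) {
    return { allowed: false, reason: "missing Access-Control-Allow-Origin" };
  }
  if (allowOrigin === "*") {
    // The wildcard is only valid for requests sent without credentials.
    return { allowed: false, reason: "wildcard origin with credentials included" };
  }
  if (allowOrigin !== requestOrigin) {
    return { allowed: false, reason: `origin mismatch: ${allowOrigin}` };
  }
  if (allowCreds !== "true") {
    // The value is compared case-sensitively against "true".
    return { allowed: false, reason: "Access-Control-Allow-Credentials is not true" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample headers (not captured from the poster's server).
const STUDIO = "https://studio.apollographql.com";
// What the post reports seeing on /graphql before the update.
const before = { "Access-Control-Allow-Origin": "*" };
// What the cors options passed to applyMiddleware are meant to produce.
const after = {
  "Access-Control-Allow-Origin": STUDIO,
  "Access-Control-Allow-Credentials": "true",
  Vary: "Origin",
};

console.log("before:", checkCredentialedCors(STUDIO, before));
console.log("after: ", checkCredentialedCors(STUDIO, after));
```
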
