graphql-playground: Cookies are not being sent in Playground Express

This issue pertains to the following package(s):

GraphQL Playground Express Middleware

What OS and OS version are you experiencing the issue(s) on?

Ubuntu 16.04.4 LTS xenial

What version of graphql-playground(-electron/-middleware) are you experiencing the issue(s) on?

1.7.0

What is the expected behavior?

It should send browser cookies along with the GraphQL request.

What is the actual behavior?

The cookies are absent in the request originating from Playground.

What steps may we take to reproduce the behavior?

You can reproduce it with a demo app on glitch

Open the app to land at /, a cookie is set
Navigate to /graphql and run a query { hello }
Observe the browser console and/or glitch console

req

You can see that Cookie is missing from Request Headers even though it is set in the browser

The cookie is hence not sent over to express

log

Note that the demo app runs on Apollo Server v2 which uses apollo-server-express version 1.7.0 under the hood. I took the following screenshot from twitch terminal, inside node_modules

version

About this issue

Original URL
State: closed
Created 6 years ago
Reactions: 26
Comments: 20 (2 by maintainers)

Most upvoted comments

Here is what I found as a workaround:

Go to your GraphQl Playground
In the top right corner click on the gear icon (settings)
Change the following

{
-  "request.credentials": "omit",
+  "request.credentials": "same-origin",
}

Somehow, the client is not using the server settings, therefore it consumes request.credentials: "omit" instead of "same-origin"

+334

vladanpaunovic on Aug 13, 2018

Also using playground behind Apollo Server and having the same issue.

+21

gustavlrsn on Jun 28, 2018

Is ‘include’ linked to boolean value false? Seems like because in my case both of the code works

playground: {
    settings: {
      'request.credentials': false,
    }
  }

playground: {
    settings: {
      'request.credentials': 'include',
    }
  }

Seems like the way it works is my access token is in cookie, So if I login from app, cookie is set That cookie is sent to playground requests as well. And so the app and graphql end point is in sync

+17

manjula-dube on Feb 7, 2019

Yes, still an issue today, with apollo-server I’m using this without success:

const serverApollo = new ApolloServer({
  typeDefs,
  resolvers,
  context: ({ req }) => {
    return {...code...};
  }
  playground: {
    settings: {
      "request.credentials": "include"
    }
  }
});

It doesn’t work!

+12

frederikhors on Aug 11, 2018

Yes, I confirmed that this is still an issue.

+10

tanekim88 on Aug 5, 2018

That’s not so much a workaround as the actual bug - the default user settings are always “omit” instead of the serverside defined default.

curry684 on Aug 14, 2018

Oh my god, I wasted so much time on this problem! @vladanpaunovic answer helped

Fxlr8 on Jun 7, 2019

With further searching, I found that the cookies can be turned on in settings. But is there a way to pass those options in Node? It’s also complicated by the fact that I am using the playground behind Apollo Server.

alex996 on Jun 22, 2018

Here is what I found as a workaround:

Go to your GraphQl Playground

In the top right corner click on the gear icon (settings)

Change the following
{
-  "request.credentials": "omit",
+  "request.credentials": "same-origin",
}
Somehow, the client is not using the server settings, therefore it consumes request.credentials: "omit" instead of "same-origin"

This works fine.Thank you

kelvinbush on Jan 7, 2022

I was having what seemed like CORS issues with apollo-server behind OIDC authentication (Okta), and this was killing me. Thank you @vladanpaunovic !!!

For anyone seeing Server cannot be reached in the playgroung, this was the only solution that worked for me.

mcouthon on Dec 25, 2019