Comments (10)
benwilson512
commented on August 19, 2024
Does the GraphiQL JS have a built in way to specify default header values?
from absinthe_plug.
petejkim
commented on August 19, 2024
GraphiQL workspace has it:
from absinthe_plug.
bruce
commented on August 19, 2024
@petejkim I think it's probably a reasonable request. Note, though, given our work on the 1.3 release and prep for ElixirConf EU, the quickest way to get this done is going to be a contributed PR -- at least for several weeks. Anything submitted would have to avoid adding additional dependencies.
from absinthe_plug.
petejkim
commented on August 19, 2024
Sounds good, I will take a crack at it.
from absinthe_plug.
bruce
commented on August 19, 2024
Another thing to mention; we really, really want to avoid forking GraphiQL "Classic" and GraphiQL Workspace, for maintenance reasons -- at the moment we merely point to those projects via CDN, and would like that to continue. So make sure anything you do via JS is hooking into those projects as-is.
from absinthe_plug.
benwilson512
commented on August 19, 2024
I think the best route here is to permit an option to the graphiql plug
called default headers, rather than handle just this specific header
…On Thu, Apr 20, 2017 at 7:16 PM Bruce Williams ***@***.***> wrote:
Another thing to mention; we really, really want to avoid forking GraphiQL
"Classic" and GraphiQL Workspace, for maintenance reasons -- at the moment
we merely point to those projects via CDN, and would like that to continue.
So make sure anything you do via JS is hooking into those projects as-is.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#76 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAPICfqNZ4PdK04PhSEx7KlhS7tS0ob-ks5rx-dUgaJpZM4NDTBc>
.
from absinthe_plug.
petejkim
commented on August 19, 2024
I think the best route here is to permit an option to the graphiql plug called default headers, rather than handle just this specific header
I am not sure if it'd be possible to reference the CSRF token from router.ex though...
How about something like:
forward "/graphiql",
Absinthe.Plug.GraphiQL,
schema: MyApp.Schema,
include_csrf_header: trueor it could be a special atom this Plug recognizes, something like:
forward "/graphiql",
Absinthe.Plug.GraphiQL,
schema: MyApp.Schema,
default_headers: %{
"X-Something" => "something",
"X-CSRF-Token" => :csrf_token
}from absinthe_plug.
petejkim
commented on August 19, 2024
Actually, I think something like the following would be the best:
forward "/graphiql",
Absinthe.Plug.GraphiQL,
schema: MyApp.Schema,
default_headers: %{
"X-Something" => "something",
"X-CSRF-Token" => {Plug.CSRFProtection, :get_csrf_token}
}What do you think?
from absinthe_plug.
benwilson512
commented on August 19, 2024
Perhaps the whole config for headers should be a function:
default_headers: {__MODULE__, :graphiql_headers}
def graphical_headers() do
%{"blah" => "foo"}
end
Alternatively we configure it like we do the context, where you have a plug that runs prior to the GraphiQL plug and it sets a value on the conn. This has the benefit of being trivially able to use incoming conn properties to set the default headers as desired.
Thoughts?
from absinthe_plug.
petejkim
commented on August 19, 2024
I went with the first approach you suggested: #77
from absinthe_plug.
Related Issues (20)
- Add GraphQL support for multipart form requests HOT 1
- How do I test file upload HOT 4
- Raise compile error if inconsistency in options HOT 1
- Dialyzer error using GraphiQL plug HOT 3
- is not a valid Absinthe.Schema with wrapped plugs in 1.5.1 HOT 2
- Race Condition Related to Code Compilation HOT 5
- Dynamically generated max complexity HOT 5
- upgrade from 1.5.3 to 1.5.4 breaks default pub sub option HOT 10
- How to update graphql-playground version HOT 1
- How to disable multi-operation queries HOT 1
- Allow using a struct as the absinthe context HOT 3
- Ability to opt out of batched execution on batch requests
- GraphiQL "proxies" graphql endpoint HOT 3
- Headers are not supported in Graphiql
- Possible to access context during subscription config? HOT 4
- Supporting POSTs with multipart/form-data is dangerous without CSRF protection HOT 2
- No query document supplied error HOT 1
- Support for HTTP Response Status HOT 13
- XSS vulnerability in GraphiQL implementation
- Support spec_compliant_errors in Plug options HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from absinthe_plug.