Closed AnsonH closed 2 years ago
Currently all GraphQL API calls using axios are using HTTP because localhost only works with HTTP by default if process.env.API_URL is localhost.
axios
process.env.API_URL
localhost
const { data: { data, errors } } = await axios({ // ... // Note the HTTP here url: `http://${process.env.API_URL}/v1/graphql`, });
We wish to upgrade all URLs from HTTP to HTTPS for enhanced security.
NOTE: In the original repo, there's a mix of use in both HTTP and HTTPS for the GraphQL URL
If have time, we should investigate how to run localhost with HTTPS. After that, we can then upgrade all url to use HTTPS for better security.
url
Refactor the API_URL environment variable to use a full URL:
API_URL
API_URL=`http://localhost:8080/v1/graphql
const { data: { data, errors } } = await axios({ // ... - url: `http://${process.env.API_URL}/v1/graphql`, + url: process.env.API_URL, });
However, this means we need to change the API_URL variable value in the Terraform production cluster.
Superseded by #4
AnsonH
commented
2 years ago AnsonH
commented
2 years ago
Description
Currently all GraphQL API calls using
axiosare using HTTP because localhost only works with HTTP by default ifprocess.env.API_URLislocalhost.We wish to upgrade all URLs from HTTP to HTTPS for enhanced security.
NOTE: In the original repo, there's a mix of use in both HTTP and HTTPS for the GraphQL URL
Solution 1
If have time, we should investigate how to run localhost with HTTPS. After that, we can then upgrade all
urlto use HTTPS for better security.Solution 2
Refactor the
API_URLenvironment variable to use a full URL:However, this means we need to change the
API_URLvariable value in the Terraform production cluster.