Closed AnsonH closed 2 years ago
Currently all GraphQL API calls using axios are using HTTP because localhost only works with HTTP by default if process.env.API_URL is localhost.
axios
process.env.API_URL
localhost
const { data: { data, errors } } = await axios({ // ... // Note the HTTP here url: `http://${process.env.API_URL}/v1/graphql`, });
We wish to upgrade all URLs from HTTP to HTTPS for enhanced security.
NOTE: In the original repo, there's a mix of use in both HTTP and HTTPS for the GraphQL URL
If have time, we should investigate how to run localhost with HTTPS. After that, we can then upgrade all url to use HTTPS for better security.
url
Refactor the API_URL environment variable to use a full URL:
API_URL
API_URL=`http://localhost:8080/v1/graphql
const { data: { data, errors } } = await axios({ // ... - url: `http://${process.env.API_URL}/v1/graphql`, + url: process.env.API_URL, });
However, this means we need to change the API_URL variable value in the Terraform production cluster.
Superseded by #4
Description
Currently all GraphQL API calls using
axios
are using HTTP because localhost only works with HTTP by default ifprocess.env.API_URL
islocalhost
.We wish to upgrade all URLs from HTTP to HTTPS for enhanced security.
NOTE: In the original repo, there's a mix of use in both HTTP and HTTPS for the GraphQL URL
Solution 1
If have time, we should investigate how to run localhost with HTTPS. After that, we can then upgrade all
url
to use HTTPS for better security.Solution 2
Refactor the
API_URL
environment variable to use a full URL:However, this means we need to change the
API_URL
variable value in the Terraform production cluster.