Option to allow only authenticated requests

ashhitch / wp-graphql-send-mail

Send emails via mutation using WpGraphQl

GNU General Public License v3.0

21 stars 4 forks source link

Option to allow only authenticated requests #8

Open madebyfabian opened 12 months ago

madebyfabian commented 12 months ago

I am using this plugin to send a contact form email., this will be handled by a server. My WPGraphQL server does not require authentication for queries, only for mutations. (e.g. an unauthenticated user of the API can query information, but is not able to mutate any data). This is archived by unchecking this WPGraphQL setting: Bildschirmfoto 2023-10-09 um 13 44 08

I see that this plugin also allows unauthenticated request to make mutations (sending emails).

I would like to have an option in the settings where I can limit the ability to send emails to authenticated requests only.

madebyfabian commented 12 months ago

The origins option does not work on servers:

{
    "data": {
        "sendEmail": {
            "to": "example@example.com",
            "sent": false,
            "replyTo": "",
            "origin": "",
            "message": "Origin not allowed, set origin in settings",
            "clientMutationId": null
        }
    },
    "extensions": {
        "debug": [
            {
                "type": "DEBUG_LOGS_INACTIVE",
                "message": "GraphQL Debug logging is not active. To see debug logs, GRAPHQL_DEBUG must be enabled."
            }
        ]
    }
}

So this is not an option.

kevinmac61 commented 10 months ago

headers: { 'Content-Type': 'application/json', Origin: 'http://localhost:5173', }

that worked for me