search

aws-amplify / amplify-js

A declarative JavaScript library for application development using cloud services.
https://docs.amplify.aws/lib/q/platform/js
Apache License 2.0
9.42k stars 2.11k forks source link

AppSync in the response resolver to support "Set-cookie", and supporing httponly, maxAge, Secure, SameSite parameters #9870

Open yanlin96 opened 2 years ago

yanlin96 commented 2 years ago

Is this related to a new or existing framework?

No, should be a AppSync only

Is this related to a new or existing API?

GraphQL API

Is this related to another service?

Cloudfront maybe

Describe the feature you'd like to request

Firstly, AppSync could have the ability to read the httponly cookie through the request headers;

Secondly, there is a use case that we want to set a httponly cookie in AppSync response resolver and send it back to the front end and reflect it in the browser. Currently, we have tried to use "$util.http.addResponseHeader("set-cookie":xxxxxxxxx)", however, after I set up a Nginx server with the same domain as AppSync locally, I could not see the cookie there in the response header.

Describe the solution you'd like

something similar like "$util.http.addResponseHeader("set-cookie":xxxxxxxxx)" with more parameters supported like httponly, secure, maxAge to put the set-cookie in the response header. And all resolvers should support that. Also need to considering integration with cloudfront and route53 maybe.

Describe alternatives you've considered

None

Additional context

No response

Is this something that you'd be interested in working on?

benm5678 commented 1 year ago

Yes, completely agree...if it can already set other headers, is there some technical challenge to allow us to also return set-cookie?