evilmartians / chronicles-gql-martian-library


Fixing ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken) #19

Open ghost opened 4 years ago

ghost commented 4 years ago

just started following your tutorial (rails and graphql newbie) and got this error on my first query

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

actionpack (6.0.2.2) lib/action_controller/metal/request_forgery_protection.rb:217:in `handle_unverified_request'
actionpack (6.0.2.2) lib/action_controller/metal/request_forgery_protection.rb:249:in `handle_unverified_request'
...

The fix was to

class GraphqlController < ApplicationController
  # If accessing from outside this domain, nullify the session
  # This allows for outside API access while preventing CSRF attacks,
  # but you'll have to authenticate your user separately
  # protect_from_forgery with: :null_session
  skip_before_action :verify_authenticity_token

  def execute
  ...

(could also have chosen to uncomment the protect_from_forgery with: :null_session that was given by the graphql generator but followed the recommendation from https://stackoverflow.com/a/34252150/618099 )

just wanted to share that with you and others trying out the tutorial.

DmitryTsepelev commented 4 years ago

Hi @NorfeldtAbtion! In the first part of the tutorial we configure our front-end to send a proper CSRF token with each request (in the paragraph starting with "Back to coding. Since we use HTTP POST as a transport, we need to attach a proper CSRF token..."), have you tried it out? Sending the CSRF token without disabling verification makes your app more secure 🙂
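The mechanism behind the reply above, as an added example that is not part of this thread, the tutorial, or Rails' own code: a pure-Ruby model of the masked authenticity token that Rails renders into `csrf_meta_tags` and checks in `verify_authenticity_token`, followed by a stand-in for the controller that runs the same POST under the three choices mentioned in the thread (verify the token, `protect_from_forgery with: :null_session`, or `skip_before_action :verify_authenticity_token`). The module and function names, the session layout, and the request scenario are assumptions made for illustration; the token format follows the published Rails design (one-time pad, XOR, base64) but is not Rails' implementation.

```ruby
# Added example (not from the tutorial, the repo, or Rails itself): a model of
# the masked CSRF token scheme behind protect_from_forgery, plus a stand-in for
# the three controller options discussed in the thread.
require "securerandom"

module CsrfModel
  TOKEN_LENGTH = 32

  module_function

  # Per-session secret. Rails keeps this in the session; it is never sent to
  # the browser in its raw form.
  def new_session_token
    SecureRandom.random_bytes(TOKEN_LENGTH)
  end

  # The value that ends up in <meta name="csrf-token">: the session token XORed
  # with a fresh one-time pad, pad prepended, base64 encoded. Every render
  # produces a different string, which is what defeats BREACH-style guessing.
  def masked_token(session_token)
    pad = SecureRandom.random_bytes(TOKEN_LENGTH)
    [pad + xor_bytes(pad, session_token)].pack("m0")
  end

  def xor_bytes(a, b)
    a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
  end

  # Constant-time comparison: no early exit on the first mismatching byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Server side: unmask the submitted token and compare it with the session token.
  def valid_token?(session_token, submitted)
    return false if session_token.nil? || submitted.nil?
    raw = begin
      submitted.unpack1("m0") # strict base64; malformed input raises
    rescue ArgumentError
      return false
    end
    return false unless raw.bytesize == 2 * TOKEN_LENGTH
    pad = raw[0, TOKEN_LENGTH]
    masked = raw[TOKEN_LENGTH, TOKEN_LENGTH]
    secure_compare(xor_bytes(pad, masked), session_token)
  end
end

# Stand-in (hypothetical) for GraphqlController's forgery handling. `mode`
# mirrors the three options in the thread: :verify (protect_from_forgery
# default, request rejected with InvalidAuthenticityToken), :null_session (run
# the action with an empty session) and :skip (check disabled). As in Rails,
# only non-GET requests are checked. Returns what the action would observe.
def handle_request(mode:, method:, session:, headers:)
  csrf_ok = method == "GET" ||
            CsrfModel.valid_token?(session["_csrf_token"], headers["X-CSRF-Token"])
  effective_session = session
  unless csrf_ok
    case mode
    when :verify       then return { executed: false, error: "InvalidAuthenticityToken" }
    when :null_session then effective_session = {} # proceeds as an anonymous request
    when :skip         then nil                    # proceeds with the real session
    else raise ArgumentError, "unknown mode #{mode}"
    end
  end
  { executed: true, user_id: effective_session["user_id"] }
end

# Constructed scenario: a logged-in user's session, one page render that
# embedded a masked token, and four POSTs to /graphql.
def demo
  session_token = CsrfModel.new_session_token
  session = { "_csrf_token" => session_token, "user_id" => 42 }
  page_token = CsrfModel.masked_token(session_token) # what the front-end reads from the meta tag
  {
    with_header:  handle_request(mode: :verify, method: "POST", session: session,
                                 headers: { "X-CSRF-Token" => page_token }),
    cross_site:   handle_request(mode: :verify, method: "POST", session: session, headers: {}),
    null_session: handle_request(mode: :null_session, method: "POST", session: session, headers: {}),
    skipped:      handle_request(mode: :skip, method: "POST", session: session, headers: {})
  }
end
```

The `skipped` case is the one to notice: a cross-site page that POSTs to `/graphql` with the victim's cookies gets the mutation executed as user 42, which is exactly the attack `protect_from_forgery` exists to stop. `:null_session` keeps the endpoint usable for token-authenticated API clients but turns a cookie-authenticated browser request without the header into an anonymous one, so the query or mutation runs with no current user. Reading the token from `<meta name="csrf-token">` and sending it in `X-CSRF-Token`, as the tutorial does and as graphiql-rails does on its own, keeps verification on and still lets the query run.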

ghost commented 4 years ago

I realized that when I got further down - I just wanted to test the queries as described in the tutorial. Perhaps it would make sense to have it insecure at the start of the tutorial and then teach how to make it secure (as you do later in the tutorial).

It's a great tutorial - I'm learning a lot.

DmitryTsepelev commented 4 years ago

Great, I'm happy we've figured it out! Closing the issue for now, don't hesitate to reach out if you have any troubles

ghost commented 4 years ago

> Great, I'm happy we've figured it out! Closing the issue for now, don't hesitate to reach out if you have any troubles

@DmitryTsepelev I still have one question related to this topic. I got to part 3 and can't seem to figure out how to get GraphiQL to show the schema with the current auth.

How did you get it to show:

[image: graph schema]

Guessing that I need to set the headers - but unsure about how to do the CSRF token

[screenshot: 2020-03-27 14:16:02]

DmitryTsepelev commented 4 years ago

Looks like graphiql-rails should set up the CSRF token for us, so no action should be required. Could you please make sure it's being set up correctly?