Open ghost opened 4 years ago
Hi @NorfeldtAbtion! In the first part of the tutorial we configure our front-end to send a proper CSRF token with each request (in the paragraph starting with "Back to coding. Since we use HTTP POST as a transport, we need to attach a proper CSRF token..."), have you tried it out? Sending a CSRF token without disabling verification makes your app more secure 🙂
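Sending the token instead of disabling verification, as an added example that is not part of this thread or the tutorial's own code. It relies on the Rails conventions of a `csrf-token` meta tag (rendered by `csrf_meta_tags`) and the `X-CSRF-Token` request header; the function names, the `/graphql` path and the stand-in document are assumptions made for illustration.

```javascript
// Added example (not the tutorial's code). Hypothetical helper names.

// Rails' csrf_meta_tags helper renders <meta name="csrf-token" content="...">.
// Read it from the page; fail closed if it is missing, so the client never
// falls back to sending an unprotected state-changing request.
function readCsrfToken(doc) {
  const meta = doc.querySelector('meta[name="csrf-token"]');
  const token = meta && meta.getAttribute("content");
  if (!token) {
    throw new Error("csrf-token meta tag not found; is csrf_meta_tags in the layout?");
  }
  return token;
}

// Build the fetch() options for a GraphQL POST. Rails compares the
// X-CSRF-Token header against the token bound to the session cookie.
function graphqlRequestInit(doc, query, variables = {}) {
  return {
    method: "POST",
    credentials: "same-origin", // send the session cookie to our own origin only
    headers: {
      "Content-Type": "application/json",
      "X-CSRF-Token": readCsrfToken(doc),
    },
    body: JSON.stringify({ query, variables }),
  };
}

// Browser usage (assumed endpoint path):
//   fetch("/graphql", graphqlRequestInit(document, "{ __typename }"))

// Constructed stand-in for `document`, so the example also runs outside a browser.
function fakeDocument(token) {
  return {
    querySelector: (selector) =>
      selector === 'meta[name="csrf-token"]' && token !== null
        ? { getAttribute: (name) => (name === "content" ? token : null) }
        : null,
  };
}

const sample = graphqlRequestInit(fakeDocument("constructed-token"), "{ __typename }");
console.log(sample.headers["X-CSRF-Token"]); // constructed-token
```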
I realized that when I got further down - just wanted to test the queries as described in the tutorial. Perhaps it would make sense to have it insecure at the start of the tutorial and then teach how to make it secure (as you do later in the tutorial).
It's a great tutorial - I'm learning a lot.
Great, I'm happy we've figured it out! Closing the issue for now, don't hesitate to reach out if you have any troubles
@DmitryTsepelev I still have one question related to this topic. I got to part 3 and can't seem to figure out how to get GraphiQL to show the scheme with the current auth.
How did you get it to show:
Guessing that I need to set the headers - but unsure about how to do the CSRF token
Looks like graphiql-rails should set up CSRF token for us, no action should be required. Could you please make sure it's being correctly set up?
Just started following your tutorial (Rails and GraphQL newbie) and got this error on my first query
The fix was to
(could also have chosen to uncomment the `protect_from_forgery with: :null_session` that was given by the graphql generator but followed the recommendation from https://stackoverflow.com/a/34252150/618099) just wanted to share that with you and others trying out the tutorial.