subscription request not sending additional http headers

graphql / graphql-playground

🎮 GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)

MIT License

8.77k stars 735 forks source link

subscription request not sending additional http headers #1305

Open NikkyAI opened 3 years ago

NikkyAI commented 3 years ago

This issue pertains to the following package(s):

[ ] GraphQL Playground - Electron App
[ ] GraphQL Playground HTML
[ ] GraphQL Playground
[ ] GraphQL Playground Express Middleware
[ ] GraphQL Playground Hapi Middleware
[ ] GraphQL Playground Koa Middleware
[ ] GraphQL Playground Lambda Middleware

What version of graphql-playground(-electron/-middleware) are you experiencing the issue(s) on?

whatever is delivered by `cdn.jsdelivr.net/npm/graphql-playground-react/build/static/js/middleware.js

What is the expected behavior?

HTTP headers added to /subscriptions request eg: custom Authentication header

What is the actual behavior?

no Authentication header being added

What steps may we take to reproduce the behavior?

add headers and inspect /subscriptions websocket request via browser tools

might be duplicate of #1296

bizzycola commented 3 years ago

Websockets cannot send headers, the spec doesn't allow it and browsers don't support it.

When you connect a subscription, rather than sending Authorization as a header, Playground sends it with the 'payload' it sends during connection. (so you'd get an object like {"Authorization": "Bearer ...", ...})

How you handle this depends on your backend. I was able to parse and handle it in ASP.Net Core with HotChocolate, validate the JWT and pass the UserId forward for my subscription endpoints to use by hooking HotChocolate's OnConnect event for the websocket.

lanwin commented 3 years ago

@bizzycola what about sending the headers object as default subscription init payload? I think that would fit most users needs.

Speaking of subscription payloads. Whats the correct way to configure them in Playground? Did not yet found one.

bizzycola commented 3 years ago

@lanwin That could be a viable way to handle it. I've not tested if Playground includes any headers other than Authorization in the payload so could be worth a try.

A way to configure the payload would also be useful, and hopefully not too hard to implement.

bartenra commented 3 years ago

Hello! I ran into this issue today.

I understand that Websockets do not have a concept of headers, but neither does it have a concept of cookies, and they are being sent along using the intial HTTP exchange. So it would be very handy if headers could be included as well.