PWA-3154:GraphQL cacheable requests always have Authorization Bearer …

[glo11372]

Description

GraphQL cacheable requests always have "Authorization Bearer" header Steps to test the behaviour :

1- sign up.in Venia.magento.com or any PWA store 2- login 3- check network tab on any page and search for GraphQL requests which should be cached such as CMSPages 4- check the request header you will not find Authorization Bearer header exist 5- Varnish will cache that request's response.

Related Issue

Closes # https://jira.corp.adobe.com/browse/PWA-3154

Acceptance

Verification Stakeholders

Specification

Verification Steps

Test scenario(s) for direct fix/feature

Test scenario(s) for any existing impacted features/areas

Test scenario(s) for any Magento Backend Supported Configurations

Is Browser/Device testing needed?

Any ad-hoc/edge case scenarios that need to be considered?

Screenshots / Screen Captures (if appropriate)

Breaking Changes (if any)

Checklist

• I have added tests to cover my changes, if necessary.
• I have added translations for new strings, if necessary.
• I have updated the documentation accordingly, if necessary.

[pwa-studio-bot]

	Messages
:book:	Associated JIRA tickets: [PWA-3154](https://jira.corp.magento.com/browse/PWA-3154).
:book:	DangerCI Failures related to missing labels/description/linked issues/etc will persist until the next push or next pr-test build run (assuming they are fixed).
:book:	Access a deployed version of this PR [here](https://pr-4240.pwa-venia.com/). Make sure to wait for the "pwa-pull-request-deploy" job to complete.

Generated by :no_entry_sign: dangerJS against cc928d5efbc893f2e949e0b3dd9a4616186d93de

[fooman]

How will signed in customer functionality work with the authLink removed? https://github.com/magento/pwa-studio/blob/d12b8c40678a43d3ba173f7eab2509f7687caa65/packages/peregrine/lib/Apollo/links/authLink.js#L15

[glo85315]

How will signed in customer functionality work with the authLink removed?

https://github.com/magento/pwa-studio/blob/d12b8c40678a43d3ba173f7eab2509f7687caa65/packages/peregrine/lib/Apollo/links/authLink.js#L15

Hi this will work after removing authLink .because when user logined server will create cookies and send back to client side. in client side cookies will store in user browser and this cookies will take in to next subsequent API Header request as cookies. then server validate cookie and if its valid it will allow the authetication.

please see attached screen shot .red mark

• Authentication: When a user logs in to your application, your server typically creates a session for that user and issues a session identifier in the form of a cookie. This cookie is then stored in the user's browser.
• Subsequent Requests: When the user performs actions or accesses protected resources that require authorization, your React application sends requests to the server. The browser automatically includes the cookies associated with the domain in the request headers.
• Server-side Authentication: On the server side, your application checks for the presence of the session cookie in the request headers. If the session cookie is present and valid, the server identifies the user associated with the session and authorizes the request accordingly.

[glo82145]

deploy pr-test

[glo82145]

deploy pwa-pr-test