glinskyc
commented
5 years ago I experienced similar troubles that could have easily been explained in the documentation. As an Apollo newcomer, I have found the docs pertaining to the configuring of Apollo to be too minimal.
Upon installing the vue-apollo plugin, I had to configure Apollo in the following way to make use of a JWT and CSRF token stored in cookies (an alternative approach using JWT in localStorage). The JWT is typically an httponly cookie.
const defaultOptions = {
// ... also config other things like httpEndpoint
httpLinkOptions: {
credentials: 'include', // use 'same-origin' if it is appropriate for your case
headers: {'X-CSRF-TOKEN': CSRF_TOKEN},
},
// since JWT is sent via cookies, getAuth() does not need to get a token from the authorization header
getAuth: () => {return undefined},
},where CSRF_TOKEN is the value retrieved from a cookie. defaultOptions then gets used within createApolloClient:
const {apolloClient, wsClient} = createApolloClient({
...defaultOptions,
...options,
});If it applies to you, also make sure to configure your server, which hosts your GraphQL API, for CORS. Hopefully this saves someone else the trouble.
voluntadpear
Hey guys,
I've had quite some trouble setting up Apollo(-Boost) with Django cause the docs are not very extensive and difficult structured between Apollo, Vue-Apollo, Vue-Apollo-Boost (which doesn't seem to be documented at all).
I'd suggest adding a small section for all framework users out there. Eg for Django, I needed to find out about this to make CSRF protection work. Took me about three days.
Step 1> Install JS Cookie --> npm install --save js-cookie Step 2> Add the CSRF token to the Apollo client header:
Done.
Thanks in advance.