Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fix origin sent with graphql requests #541

Merged
merged 2 commits into from Dec 16, 2019
Merged

fix: fix origin sent with graphql requests #541

merged 2 commits into from Dec 16, 2019

Conversation

bookernath
Copy link
Contributor

What?

The JWT auth used for GraphQL Storefront API relies on the origin header sent by the browser to understand if the request should be allowed. For CLI, this origin was being sent as localhost, which was being rejected.

This PR uses CLI's proxying capabilities to overwrite/forge the correct origin header for the request so that GraphQL works again.

@bookernath bookernath force-pushed the fix-graphql-requests branch 4 times, most recently from 075c2ed to 1557e76 Compare December 14, 2019 21:42
bookernath
bookernath commented Dec 14, 2019
View reviewed changes
server/plugins/router/router.module.js
return cb(
null,
`${internals.options.storeUrl}${req.path}`,
Object.assign( // Add 'origin' and 'host' headers to request before proxying
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I originally had this as a nice arrow function with a spread operator, but this made tests fail due to a bug in eslint/espree which was only fixed a few months ago. Upgrading our version of espree by 4 major versions seemed prohibitively complicated to make this one change, so I think we should just stick with the weird syntax for now.

Copy link
Contributor

@ncheikh ncheikh Dec 16, 2019
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If espree is just part of eslint you can try bumping it ahead to 6 if that resolves the issue with espree. eslint doesn't have any functional impact so upgrading it should be very low risk.

I am ok with this approach as well though, its still clean and clear.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my investigation it would mean a serious upgrade of many of the hapi libraries we use, which are pretty fundamental to CLI. I view it as high-risk.

@bookernath
Copy link
Contributor Author

Ping @bc-jz @ncheikh

@bookernath bookernath force-pushed the fix-graphql-requests branch 2 times, most recently from 0dee62d to 07ae18a Compare December 16, 2019 17:43
bookernath
bookernath commented Dec 16, 2019
View reviewed changes
bin/stencil-init.spec.js
@@ -14,7 +14,7 @@ describe('stencil init', () => {
let sandbox;

lab.beforeEach(done => {
sandbox = Sinon.sandbox.create();
sandbox = Sinon.createSandbox();
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doing this cleanup as part of this PR to fix some deprecation notices. Only affects tests.

@ncheikh ncheikh merged commit 8f3f02c into bigcommerce:master Dec 16, 2019
@bookernath bookernath deleted the fix-graphql-requests branch December 16, 2019 19:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ncheikh ncheikh ncheikh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@bookernath @ncheikh