New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: fix origin sent with graphql requests #541
Conversation
075c2ed
to
1557e76
Compare
return cb( | ||
null, | ||
`${internals.options.storeUrl}${req.path}`, | ||
Object.assign( // Add 'origin' and 'host' headers to request before proxying |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I originally had this as a nice arrow function with a spread operator, but this made tests fail due to a bug in eslint/espree which was only fixed a few months ago. Upgrading our version of espree by 4 major versions seemed prohibitively complicated to make this one change, so I think we should just stick with the weird syntax for now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If espree
is just part of eslint
you can try bumping it ahead to 6 if that resolves the issue with espree
. eslint
doesn't have any functional impact so upgrading it should be very low risk.
I am ok with this approach as well though, its still clean and clear.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From my investigation it would mean a serious upgrade of many of the hapi
libraries we use, which are pretty fundamental to CLI. I view it as high-risk.
0dee62d
to
07ae18a
Compare
@@ -14,7 +14,7 @@ describe('stencil init', () => { | |||
let sandbox; | |||
|
|||
lab.beforeEach(done => { | |||
sandbox = Sinon.sandbox.create(); | |||
sandbox = Sinon.createSandbox(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doing this cleanup as part of this PR to fix some deprecation notices. Only affects tests.
4429eb1
to
5d8810f
Compare
What?
The JWT auth used for GraphQL Storefront API relies on the
origin
header sent by the browser to understand if the request should be allowed. For CLI, this origin was being sent aslocalhost
, which was being rejected.This PR uses CLI's proxying capabilities to overwrite/forge the correct
origin
header for the request so that GraphQL works again.