Consider changing Request.credentials from same-origin to include
jcbpl opened this issue · comments
I'm interested in deploying graphiql-workspace so that it could be used to call multiple authenticated graphql endpoints that run on subdomains of my company's TLD. Currently, the implementation of fallbackFetcher
precludes this because it calls fetch
with credentials: 'same-origin'
instead of credentials: 'include'
:
graphiql-workspace/src/GraphiQLTab.jsx
Line 535 in 967c3d5
Would there be any objection to changing same-origin
to include
? (FWIW, that's what the reference example in the graphiql repo does.)
Alternatively, if the use of same-origin
is deliberate, would it be possible to make it a configuration option?
Thanks!
I'm not an expert on CORS, but I think include
has it's own set of issues: #27 (the original PR that chnaged it to same-origin
).
I don't mind parametrizing it though. Would you like to make a PR?
Ah, got it. Yep, I'll open a PR.