I'm interested in deploying graphiql-workspace so that it could be used to call multiple authenticated graphql endpoints that run on subdomains of my company's TLD. Currently, the implementation of fallbackFetcher precludes this because it calls fetch with credentials: 'same-origin' instead of credentials: 'include':

Would there be any objection to changing same-origin to include? (FWIW, that's what the reference example in the graphiql repo does.)

Alternatively, if the use of same-origin is deliberate, would it be possible to make it a configuration option?

Thanks!

I'm not an expert on CORS, but I think include has it's own set of issues: #27 (the original PR that chnaged it to same-origin).

I don't mind parametrizing it though. Would you like to make a PR?

Ah, got it. Yep, I'll open a PR.