Graphql Apollo客户端看不到授权标头

Question

I need to work with Graphql development server which requires from user Basic authentication. 我需要使用需要用户基本身份验证的Graphql开发服务器。

On frontend side to make requests to protected graphql service I wrote next code 在前端，向受保护的graphql服务发出请求，我编写了下一个代码

const authLink = setContext((_, { headers }) => {
   return {
      headers: {
         ...headers,
         Authorization: 'Basic ' + btoa('<login>:<pass>'),
      }
   }
});

const httpLink = new HttpLink({
   uri: process.env.REACT_APP_GQL_SERVER,
   fetchOptions: {
      mode: 'no-cors'
   }
});

const client = new ApolloClient({
   link: authLink.concat(httpLink),
   cache: new InMemoryCache(),
});

But I can't see "Authorization" header in the browser while request 但是请求时我无法在浏览器中看到“授权”标头

Could you please support me to paste Authorization header to the request or understand another way to work with Default Browser Authentication Prompt. 您能否支持我将“授权”标头粘贴到请求中，或者了解使用“默认浏览器身份验证提示”的另一种方法。

using: "apollo-boost": "^0.1.22", "apollo-link-context": "^1.0.12", 使用：“ apollo-boost”：“ ^ 0.1.22”，“ apollo-link-context”：“ ^ 1.0.12”，

============================================= =============================================

Tested variant to put header #1 经过测试的变体放置标头＃1

============================================= =============================================

const httpLink = createHttpLink({
   uri: process.env.REACT_APP_GQL_SERVER,
   fetchOptions: {
      mode: 'no-cors'
   },
});

const middlewareLink = new ApolloLink((operation, forward: any) => {
  operation.setContext({
    headers: {
      "Authorization": 'Basic ' + btoa('<login>:<password>')
    }
  });
  return forward(operation);
});

const client = new ApolloClient({
   link: middlewareLink.concat(httpLink),
   cache: new InMemoryCache(),
});

============================================= =============================================

Tested variant to put header #2 经过测试的变体可以放置标头＃2

============================================= =============================================

const authLink = setContext((_, { headers }) => {
  return {
    headers: {
      ...headers,
      authorization: 'Basic ' + btoa('<login>:<password>'),
    }
  }
});

const httpLink = new HttpLink({
   uri: process.env.REACT_APP_GQL_SERVER,
   fetchOptions: {
      mode: 'no-cors'
   }
});

const links: any = [];
links.push(httpLink);
links.push(authLink);

const client = new ApolloClient({
   link: ApolloLink.from(links),
   cache: new InMemoryCache(),
});

============================================= =============================================

Tested variant to put header #3 经过测试的变体放置标头3

============================================= =============================================

const middlewareLink = new ApolloLink((operation, forward: any) => {
  operation.setContext({
    headers: {
      authorization: 'Basic ' + btoa('<login>:<password>')
    }
  });
  return forward(operation);
});


const httpLink = new HttpLink({
   uri: process.env.REACT_APP_GQL_SERVER,
   fetchOptions: {
      mode: 'no-cors'
   }
});

const links: any = [];
links.push(httpLink);
links.push(middlewareLink);

const client = new ApolloClient({
   link: ApolloLink.from(links),
   cache: new InMemoryCache(),
});

Answer 1

Shortness: 短度：

BAP - BROWSER AUTH PROMPT BAP-浏览器授权提示

Answer: 回答：

I worked around a lot and I found a solution: 我做了很多工作，然后找到了解决方案：

Add OPTIONS request as allowed on backend. 在后端允许的情况下添加OPTIONS请求。 Response for OPTIONS request should be always 200 or 2xx. 对OPTIONS请求的响应应始终为200或2xx。 We need to exclude OPTIONS request from BAP checking because by specification - OPTIONS request can't have 'Authorization' header, this header will be always removed from request and if BAP will check required 'Authorization' header in OPTIONS request ofcourse it will not be found. 我们需要从BAP检查中排除OPTIONS请求，因为根据规范-OPTIONS请求不能具有“ Authorization”标头，该标头将始终从请求中删除，如果BAP在OPTIONS请求中检查所需的“ Authorization”标头，则不会找到了。

And I have created apollo-client in this way 我以这种方式创建了apollo-client

 import gql from 'graphql-tag'; import { ApolloClient, ApolloLink, HttpLink, InMemoryCache, FetchPolicy } from 'apollo-boost'; import { onError } from 'apollo-link-error'; const errorLink = onError(({ graphQLErrors, networkError }) => { if (graphQLErrors) { graphQLErrors.map(({ message, locations, path }) => console.error( `[GraphQL error]: Message: ${message}, Location: ${locations}, Path: ${path}`, ), ); } if (networkError) { logger.error(`[Network error]: ${networkError}`); } }); const links: any = []; links.push(errorLink); links.push( new HttpLink({ uri: process.env.REACT_APP_GQL_SERVER, headers: { authorization: 'Basic ' + btoa('<login>:<password>') }, }), ); const client = new ApolloClient({ link: ApolloLink.from(links), cache: new InMemoryCache(), });

BAP was enabled while no web-site auth was implemented. 未实施网站身份验证时启用了BAP 。 Of course, in production mode you will need to disable BAP and solution described here will cause another issues, so in future this solution should be reverted. 当然，在生产模式下，您将需要禁用BAP，并且此处描述的解决方案还会引起其他问题，因此将来应恢复此解决方案。

If you see another solution please help mу to find the best way of doing :) 如果您看到其他解决方案，请帮助您找到最佳的方法：）

Graphql Apollo客户端看不到授权标头

问题描述

Tested variant to put header #1 经过测试的变体放置标头＃1

Tested variant to put header #2 经过测试的变体可以放置标头＃2

Tested variant to put header #3 经过测试的变体放置标头3

1 个解决方案

解决方案1
0 2019-02-11 09:49:22

Shortness: 短度：

Answer: 回答：

Graphql Apollo客户端看不到授权标头

问题描述

Tested variant to put header #1 经过测试的变体放置标头＃1

Tested variant to put header #2 经过测试的变体可以放置标头＃2

Tested variant to put header #3 经过测试的变体放置标头3

1 个解决方案

解决方案1 0 2019-02-11 09:49:22

Shortness: 短度：

Answer: 回答：

解决方案1
0 2019-02-11 09:49:22