I have all the correct things set up. Here is what my server looks like:

    return apolloServer.createHandler({
      expressGetMiddlewareOptions: {
        cors: {
          origin: ['http://localhost:8080', 'https://studio.apollographql.com'],
          credentials: true,
        },
      }
    })(event, context, callback)

This is how I define the cookie, setting sameSite to none and secure to true:

    setCookies.push({
      name: "cookieName",
      value: "cookieContent",
      options: {
        // expires: moment().add(1, 'hours').format(),
        httpOnly: true,
        maxAge: 3600,
        path: "/",
        sameSite: 'none',
        secure: true
      }
    });

I also enabled cookies to be sent in Studio. So when I make a request with Apollo GraphQL Studio, things work as expected, and the HTTP-only cookie I have is saved to Chrome.
Here is the full HTTP request:

    accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Connection: keep-alive
    Content-Length: 1523
    content-type: application/json
    Cookie: g_state={"i_l":0}; cookieName=cookieContent
    Host: localhost:3000
    Origin: http://localhost:8080
    Referer: http://localhost:8080/
    sec-ch-ua: "Google Chrome";v="95", "Chromium";v="95", ";Not A Brand";v="99"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "macOS"
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-site
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36

For some reason, in Apollo Client I get this response:

    {"statusCode":400,"error":"Bad Request","message":"Invalid cookie value"}

On the client side this is what I have:

    const link = new HttpLink({
      uri: process.env.REACT_APP_GRAPH_QL_URI,
      credentials: 'include'
    });
    const client = new ApolloClient({
      cache,
      link
    });

After hours of googling, I am puzzled as to why I get this error on the client side but everything works as expected for the Studio site.
I ended up figuring out that it was the serverless-offline package. There is a flag, --disableCookieValidation, that I guess sets some options for the hapi package, which will fix the validation issue I was getting back.
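
An added example, not part of the original post: the g_state cookie in the request above holds JSON containing double quotes, which RFC 6265 does not allow in a cookie value. The function below applies that grammar to a Cookie header and reports the offending cookies; that hapi's strict validation enforces the same rule is an assumption, and the function names are hypothetical.

```javascript
// Added example: flag cookies in a Cookie request header whose values fall
// outside the cookie-value grammar of RFC 6265 section 4.1.1.
// Assumption: this mirrors the strict check behind "Invalid cookie value".

// cookie-octet: printable US-ASCII except whitespace, DQUOTE, comma,
// semicolon and backslash.
const COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;

function isValidCookieValue(value) {
  // The grammar allows the whole value to be wrapped in one pair of quotes.
  const quoted = value.length >= 2 && value.startsWith('"') && value.endsWith('"');
  return COOKIE_OCTETS.test(quoted ? value.slice(1, -1) : value);
}

function findInvalidCookies(cookieHeader) {
  const invalid = [];
  for (const pair of cookieHeader.split(';')) {
    const trimmed = pair.trim();
    if (trimmed === '') continue;
    const eq = trimmed.indexOf('=');
    const name = eq === -1 ? '' : trimmed.slice(0, eq).trim();
    const value = eq === -1 ? trimmed : trimmed.slice(eq + 1).trim();
    if (!isValidCookieValue(value)) {
      // List each distinct character that the grammar rejects.
      const badChars = [...new Set([...value].filter((ch) => !COOKIE_OCTETS.test(ch)))];
      invalid.push({ name, value, badChars });
    }
  }
  return invalid;
}

// Cookie header copied from the request shown in the post.
const sampleHeader = 'g_state={"i_l":0}; cookieName=cookieContent';
console.log(findInvalidCookies(sampleHeader));
```

The --disableCookieValidation flag from the post applies to the local serverless-offline emulator; clearing the malformed cookie for localhost is an alternative that leaves validation on.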