Set Up Cookie Support

Using a GraphQL API that performs cookie-based authentication with Stellate requires an extra step: You need to set up a custom domain on Stellate.

The reason for that is just how cookies over HTTP work. When sending a request to log in, the response contains a Set-Cookie header that stores some kind of token inside a cookie. However, the browser will by default not accept this cookie for a "cross-origin request", i.e. a request that was sent to a different domain.

This won't work with Cookies:

❌ GraphQL Request from https://your-domain.com ➡️ https://your-service.stellate.sh

Instead, you need to create a subdomain for your API and add it as a custom domain to your Stellate service:

✅ GraphQL Request from https://your-domain.com ➡️ https://api.your-domain.com

Step 1: Add a custom domain to your service

Check out this guide on how to add a custom domain to your service.

Step 2: Adjust the scope of the cookie

The cookie coming from your backend needs to support the whole domain scope. We created two examples that show you how to do in Node.js: