Using a GraphQL API that performs cookie-based authentication with Stellate requires an extra step: You need to set up a custom domain on Stellate.
The reason for that is just how cookies over HTTP work. When sending a request to log in, the response usually contains a
Set-Cookie header that stores some kind of token inside a cookie. However, the browser will by default not accept this cookie for a "cross-origin request", i.e. a request that was sent to a different domain.
Stellate gives you a subdomain where you can access your service out of the box at
graphcdn.app for older services), but this is a different domain than your website. To solve this, Stellate allows you to set a custom domain in the settings for your service.
We currently have example codebases for two common authentication libraries available:
Updated 4 months ago