Hello everybody,
It’s been hours and hours and I am still stuck, so I hope someone can help me.
I am using:
Backend: Strapi 4.1.11
Frontend: Next.js (Apollo Client for GraphQL)
I log in on the frontend and store the jwt in a cookie:
```javascript
// pages/api/login.js (Next.js API route): after authenticating against Strapi,
// store the JWT in an httpOnly cookie so client-side JS cannot read it
import cookie from 'cookie';

// `jwt`, `id` and `response` come from the Strapi login response handled above
res
  .setHeader('Set-Cookie', [
    cookie.serialize('token', jwt, {
      httpOnly: true,
      secure: process.env.NODE_ENV !== 'development',
      maxAge: 60 * 60 * 24 * 7, // 1 week
      sameSite: 'strict',
      path: '/',
    }),
    cookie.serialize('userid', id, {
      httpOnly: true,
      secure: process.env.NODE_ENV !== 'development',
      maxAge: 60 * 60 * 24 * 7, // 1 week
      sameSite: 'strict',
      path: '/',
    }),
  ])
  .json({ message: response.data.user, jwt });
```
But because it’s httpOnly (for security reasons), how do I pass the token for every request? As mentioned in Strapi’s docs:
> Then on each request, send along an Authorization header in the form of { "Authorization": "Bearer YOUR_JWT_GOES_HERE" }. This can be set in the HTTP Headers section of your GraphQL Playground.
I followed the Apollo Client doc by setting a context with the headers inside (but this doesn’t work, because the httpOnly cookie is not accessible from the client side):
```javascript
import { ApolloClient, HttpLink, InMemoryCache, from } from '@apollo/client';
import { setContext } from '@apollo/client/link/context';
import { onError } from '@apollo/client/link/error';

// endpoint / prodEndpoint: the Strapi GraphQL URLs, defined elsewhere in the file
const httpLink = new HttpLink({
  uri: process.env.NODE_ENV === 'development' ? endpoint : prodEndpoint,
  credentials: 'include', // sends cookies, but Strapi only reads the Authorization header
});

// Log GraphQL / network errors (referenced as errorLink below)
const errorLink = onError(({ graphQLErrors, networkError }) => {
  if (graphQLErrors) graphQLErrors.forEach((e) => console.error('[GraphQL error]', e.message));
  if (networkError) console.error('[Network error]', networkError);
});

function createApolloClient(token = null) {
  // In the browser `token` stays null: the httpOnly cookie cannot be read from JS
  const authLink = setContext((_, { headers }) => ({
    headers: {
      ...headers,
      ...(!!token && { authorization: `Bearer ${token}` }),
    },
  }));
  return new ApolloClient({
    ssrMode: typeof window === 'undefined', // set to true for SSR
    link: from([errorLink, authLink.concat(httpLink)]),
    cache: new InMemoryCache(),
  });
}
```
It would be much appreciated if someone had a solution.
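One way to keep the token httpOnly and still satisfy the Bearer-header requirement, as an added example that is not part of the original post: point the browser's Apollo `HttpLink` at a same-origin Next.js API route that reads the cookie server-side and forwards the query to Strapi with the Authorization header. The `STRAPI_GRAPHQL_URL` variable, the `/api/graphql` route path and the small inline cookie parser are assumptions.

```javascript
// Added example (not from the original post): pages/api/graphql.js, a Next.js API
// route acting as a same-origin proxy for Strapi's GraphQL endpoint. The JWT stays
// in the httpOnly `token` cookie set at login; only this server-side code ever
// turns it into a Bearer header, so the browser never handles the token.

const STRAPI_GRAPHQL_URL = process.env.STRAPI_GRAPHQL_URL || 'http://localhost:1337/graphql'; // assumed

// Minimal Cookie-header parser (no dependency); returns { name: value }.
function parseCookies(cookieHeader) {
  const out = {};
  for (const part of (cookieHeader || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Headers for the upstream call. No `token` cookie -> no Authorization header,
// so public (unauthenticated) queries still reach Strapi unchanged.
function buildUpstreamHeaders(cookieHeader) {
  const headers = { 'content-type': 'application/json' };
  const { token } = parseCookies(cookieHeader);
  if (token) headers.authorization = `Bearer ${token}`;
  return headers;
}

// Forward the GraphQL request body to Strapi; fetchImpl is injectable for tests.
async function forwardToStrapi(cookieHeader, body, fetchImpl = fetch) {
  const upstream = await fetchImpl(STRAPI_GRAPHQL_URL, {
    method: 'POST',
    headers: buildUpstreamHeaders(cookieHeader),
    body: JSON.stringify(body),
  });
  return { status: upstream.status, json: await upstream.json() };
}

// The API route handler (use `export default handler` in the real file). Only POST
// is proxied; the sameSite=strict cookie from login already limits cross-site use.
async function handler(req, res) {
  if (req.method !== 'POST') {
    res.setHeader('Allow', 'POST');
    return res.status(405).end();
  }
  const { status, json } = await forwardToStrapi(req.headers.cookie, req.body);
  res.status(status).json(json);
}
```

On the client, `createApolloClient` then needs no token at all: `new HttpLink({ uri: '/api/graphql', credentials: 'same-origin' })` is enough, because the cookie rides along automatically and this route adds the header.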