Cookie Support
Using a GraphQL API that performs cookie-based authentication with Stellate requires an extra step: You need to set up a custom domain on Stellate.
The reason is how cookies work over HTTP. When sending a request to log in, the response contains a Set-Cookie header that stores some kind of token inside a cookie. However, the browser will by default not accept this cookie for a “cross-origin request”, i.e. a request that was sent to a different domain.
This won’t work with cookies:
❌ GraphQL Request from https://your-domain.com
➡️ https://your-service.stellate.sh
Configure subdomain
Instead, you need to create a subdomain for your API and add it as a custom domain to your Stellate service:
✅ GraphQL Request from https://your-domain.com
➡️ https://api.your-domain.com
Add a custom domain to your service
Check out this guide on how to add a custom domain to your service.
Adjust the scope of the cookie
The cookie coming from your backend needs to support the whole domain scope. We created two examples that show you how to do this in Node.js:
- next-auth, for when you are using NextAuth.js
- passport, in case you are using Passport.js
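The sketch below is an added illustration, not code from the linked examples or from Stellate. It models the cookie domain-matching rule from RFC 6265 to show why a host-only cookie set on https://your-domain.com never reaches https://api.your-domain.com, while one scoped with `Domain=your-domain.com` does. The function names, cookie name and token value are assumptions made up for the example.

```javascript
// Added example: function names, cookie name and token are constructed placeholders.

// RFC 6265 section 5.1.3: a host matches when it equals the cookie domain
// or is a subdomain of it (a leading dot on the attribute is ignored).
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d);
}

// Build a Set-Cookie value. Without `domain` the cookie is host-only and is
// returned solely to the exact host that set it.
function buildSessionCookie(name, token, { domain, maxAge = 3600 } = {}) {
  const parts = [`${name}=${encodeURIComponent(token)}`, "Path=/",
    `Max-Age=${maxAge}`, "HttpOnly", "Secure", "SameSite=Lax"];
  if (domain) parts.push(`Domain=${domain}`);
  return parts.join("; ");
}

// Would a browser store this cookie from `settingHost` and later attach it to
// a request for `requestHost`? (Public-suffix checks are left out of this model.)
function wouldSend(setCookie, settingHost, requestHost) {
  const m = /;\s*Domain=([^;]+)/i.exec(setCookie);
  if (!m) return requestHost.toLowerCase() === settingHost.toLowerCase();
  const domain = m[1].trim();
  // Browsers discard a cookie whose Domain does not cover the host that set it.
  if (!domainMatches(settingHost, domain)) return false;
  return domainMatches(requestHost, domain);
}

const hostOnly = buildSessionCookie("session", "t0ken");
const scoped = buildSessionCookie("session", "t0ken", { domain: "your-domain.com" });

// Login handled on your-domain.com, GraphQL requests go to api.your-domain.com.
console.log(wouldSend(hostOnly, "your-domain.com", "api.your-domain.com"));
console.log(wouldSend(scoped, "your-domain.com", "api.your-domain.com"));
// The default Stellate hostname cannot set a cookie for your-domain.com at all.
console.log(wouldSend(scoped, "your-service.stellate.sh", "api.your-domain.com"));
```

On the client, a cross-origin `fetch` to the API subdomain only includes the cookie when it is called with `credentials: "include"`.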