Using a GraphQL API that performs cookie-based authentication with Stellate requires an extra step: You need to set up a custom domain on Stellate.
The reason for that is just how cookies over HTTP work. When sending a request to log in, the response contains a
Set-Cookie header that stores some kind of token inside a cookie. However, the browser will by default not accept this cookie for a "cross-origin request", i.e. a request that was sent to a different domain.
This won't work with Cookies:
❌ GraphQL Request from
Instead, you need to create a subdomain for your API and add it as a custom domain to your Stellate service:
✅ GraphQL Request from
Step 1: Add a custom domain to your service
Step 2: Adjust the scope of the cookie
The cookie coming from your backend needs to support the whole domain scope. We created two examples that show you how to do in Node.js: