Pass custom header in GraphiQL

[nicolaslopezj]

This passes the Meteor login token in the authorization header so magically we are connected with the logged in user in GraphiQL.

---

I wanted to make a solution that fits all types of Apps, not only Meteor. But I couldn't find a non-hacky way to pass headers to the fetch function.

So as a second option we could pass a string to renderGraphiQL (setting it in the options when creating the server) that we later put into the GraphiQL document string, like this:

createApolloServer({
  /* schema and resolvers */
}, {
  graphiqlOptions: {
    passHeader: "'Authorization': localStorage['Meteor.loginToken']"
  }
})

headers: {
  'Accept': 'application/json',
  'Content-Type': 'application/json',
  ${passHeader}
},

I don't like this solution very much but it works with non Meteor Apps

[stubailo]

I think it would be better to add an option to do this rather than hard coding a meteor specific solution.

[nicolaslopezj]

@stubailo It's ok now?

I also made a PR https://github.com/apollostack/meteor-integration/pull/35/files that passes the meteor authorization header automatically.

[helfer]

I think we can merge this, because it's a simple way to get authorization, but it's a very hacky solution, so I'd rather not document it prominently.

[helfer]

Thanks @nicolaslopezj

[helfer]

@nicolaslopezj I just realized that there's no test for this code. Would you mind making another PR that adds a test? Thanks!

[lorensr]

Included in v0.3.0

https://github.com/apollostack/apollo-server/blob/master/CHANGELOG.md#v030

[bryanerayner]

@helfer, AFAIK this is the easiest way to get authentication for a Graphiql client. Hacky or not, I think it would make a lot of people's lives much easier (including mine!)

How can we upgrade this feature to make it "not hacky"?

[stubailo]

I think it is best to open a new issue about it.