How can I use Bearer Authorization Header with Mutations? #2273
Hi, how can I write this code with mutations?

```js
// client-side: send the token in the Authorization header
const res = await fetch('/api/login', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    Authorization: 'Bearer ' + token,
  },
});

// server: API route handler
export default async function login(req, res) {
  try {
    // Drop the leading "Bearer " (7 characters) to get the raw token
    const didToken = req.headers.authorization.substr(7);
    await token.validate(didToken);
    res.status(200).json({ authenticated: true });
  } catch (error) {
    res.status(500).json({ error: error.message });
  }
}
```
Replies: 2 comments 1 reply
First thing: that code looks like it's for a custom API route, not a "mutation" as you have in the title. Which do you mean? If this is an API route, your code looks mostly right. So what problem are you having?
Queries and mutations don't use the Authorization header. They use httpOnly cookies. But you will need to set the anti-csrf header as specified here: https://blitzjs.com/docs/session-management#manual-api-requests
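For the custom API route case from the question, the sketch below is an added example (not code from the thread or from Blitz) showing stricter handling of the `Authorization` header: the posted `substr(7)` throws on a missing header and would pass part of a `Basic ...` value to the validator, and every failure becomes a 500 that echoes the error message. The names `parseBearer`, `makeLoginHandler`, `validateToken` and `mockRes` are hypothetical; `validateToken` stands in for the post's `token.validate`.

```javascript
// Parse an Authorization header value; return the bearer token or null.
function parseBearer(headerValue) {
  if (typeof headerValue !== 'string') return null;
  // RFC 6750: scheme "Bearer" (compared case-insensitively), one or more
  // spaces, then a token68 value. Any other scheme or shape is rejected.
  const m = /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(headerValue.trim());
  return m ? m[1] : null;
}

// Build the route handler around an injected validator (assumption: it
// rejects/throws on an invalid token, like token.validate in the question).
function makeLoginHandler(validateToken) {
  return async function login(req, res) {
    const didToken = parseBearer(req.headers.authorization);
    if (didToken === null) {
      // Missing or malformed credentials are a client error, not a 500.
      res.setHeader('WWW-Authenticate', 'Bearer');
      return res.status(401).json({ error: 'missing or malformed bearer token' });
    }
    try {
      await validateToken(didToken);
    } catch (error) {
      // Generic message: validator internals stay out of the response body.
      res.setHeader('WWW-Authenticate', 'Bearer error="invalid_token"');
      return res.status(401).json({ error: 'invalid token' });
    }
    return res.status(200).json({ authenticated: true });
  };
}

// Constructed stand-in for the route's `res` object, for offline runs.
function mockRes() {
  const res = { statusCode: null, body: null, headers: {} };
  res.setHeader = (k, v) => { res.headers[k] = v; };
  res.status = (c) => { res.statusCode = c; return res; };
  res.json = (b) => { res.body = b; return res; };
  return res;
}
```

This only applies to hand-written API routes; as the reply above says, Blitz queries and mutations authenticate with httpOnly session cookies plus the anti-CSRF header instead.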