-
-
Notifications
You must be signed in to change notification settings - Fork 568
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(postgraphiql): save headers to localStorage #1174
Conversation
I understand the frustration, but this is another convenience vs security issue; storing JWTs and other private header data to LocalStorage opens an attack path that the users of GraphiQL might not expect. I'm very uncomfortable making storing it the default behaviour. Maybe we can make it opt-in either via a CLI/library option, or with a UI option like a checkbox "save these headers ℹ️" above the headers input? The info button should explain why it's not enabled by default. |
I guess this checkbox would calm your concerns? :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me; a little refactoring and we can merge :)
this.state.headersText = headersText; | ||
} | ||
} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please move this code to the state =
property initialiser above, and simplify it, e.g.
saveHeadersText: this._storage.get(STORAGE_KEYS.SAVE_HEADERS_TEXT) === 'true' ? true : false,
headersText: this._storage.get(STORAGE_KEYS.HEADERS_TEXT) || "",
(Note headersText doesn't need to respect saveHeadersText here - if it's in local storage then we should display it anyway. The code later should ensure that it's not stored unless it's checked.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay. You sure you want an empty string instead of the default '{\n"Authorization": null\n}\n'
up until now?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use the existing default :) The above comment is just an approximation.
(Also please merge the latest master into this branch; we do git squashing so you don't need to worry about keeping the history linear.) |
done :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome; very useful feature 🙌
It was pretty annoying to me that PostGraphiQL "forgets" the headers at every page refresh (we have schema polling disabled).
This will store the headers in localStorage as soon as they're valid JSON and retrieve them on component creation.