feat(postgraphiql): save headers to localStorage #1174
Conversation
|
I understand the frustration, but this is another convenience vs security issue; storing JWTs and other private header data to LocalStorage opens an attack path that the users of GraphiQL might not expect. I'm very uncomfortable making storing it the default behaviour. Maybe we can make it opt-in either via a CLI/library option, or with a UI option like a checkbox "save these headers ℹ️" above the headers input? The info button should explain why it's not enabled by default. |
|
I guess this checkbox would calm your concerns? :) |
| this.state.headersText = headersText; | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
Please move this code to the state = property initialiser above, and simplify it, e.g.
saveHeadersText: this._storage.get(STORAGE_KEYS.SAVE_HEADERS_TEXT) === 'true' ? true : false,
headersText: this._storage.get(STORAGE_KEYS.HEADERS_TEXT) || "",(Note headersText doesn't need to respect saveHeadersText here - if it's in local storage then we should display it anyway. The code later should ensure that it's not stored unless it's checked.)
There was a problem hiding this comment.
Okay. You sure you want an empty string instead of the default '{\n"Authorization": null\n}\n'up until now?
There was a problem hiding this comment.
Use the existing default :) The above comment is just an approximation.
|
(Also please merge the latest master into this branch; we do git squashing so you don't need to worry about keeping the history linear.) |
|
done :) |
benjie
changed the title
It was pretty annoying to me that PostGraphiQL "forgets" the headers at every page refresh (we have schema polling disabled).
This will store the headers in localStorage as soon as they're valid JSON and retrieve them on component creation.