Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't send op headers in introspection from here on out #7732

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
+96 −32
Open

Don't send op headers in introspection from here on out #7732

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
2fe897c
don't send op headers in introspection in AS4 anymore, pin a version …
mayakoneval Sep 22, 2023
d53f498
update testsg
mayakoneval Sep 22, 2023
5a4e202
instead of manually adding the commit hash, use constant
mayakoneval Sep 22, 2023
30327b3
changeset
mayakoneval Sep 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/happy-roses-chew.md
View file
Open in desktop
@@ -0,0 +1,5 @@
---
'@apollo/server': minor
---

In Landing Page plugin for local development, add option to send only the Shared Headers, rather than Shared Headers & Operation Headers.
2 changes: 1 addition & 1 deletion docs/source/api/plugin/landing-pages.mdx
View file
Open in desktop
Expand Up @@ -83,7 +83,7 @@ This landing page is designed for use in local development, where `NODE_ENV` is
</td>
<td>

By default, this plugin uses the latest version of the landing page published to Apollo's CDN. If you'd like to pin the current version, you can specify it here.
By default, this plugin uses a recent version of the landing page published to Apollo's CDN. If you'd like to pin the current version, you can specify it here.

The current latest version is available at [this link](https://apollo-server-landing-page.cdn.apollographql.com/_latest/version.txt).

Expand Down
10 changes: 8 additions & 2 deletions packages/integration-testsuite/src/apolloServerTests.ts
View file
Open in desktop
Expand Up @@ -57,7 +57,10 @@ import {
ApolloServerPluginLandingPageDisabled,
ApolloServerPluginUsageReportingDisabled,
} from '@apollo/server/plugin/disabled';
import { ApolloServerPluginLandingPageLocalDefault } from '@apollo/server/plugin/landingPage/default';
import {
ApolloServerPluginLandingPageLocalDefault,
DEFAULT_EMBED_VERSION,
} from '@apollo/server/plugin/landingPage/default';
import {
jest,
describe,
Expand Down Expand Up @@ -2912,7 +2915,10 @@ export function defineIntegrationTestSuiteApolloServerTests(
url = (await createServer(makeServerConfig([]))).url;
await get().expect(
200,
/embeddable-sandbox.cdn.apollographql.com\/_latest\/embeddable-sandbox.umd.production.min.js/s,
new RegExp(
`embeddable-sandbox.cdn.apollographql.com\/${DEFAULT_EMBED_VERSION}\/embeddable-sandbox.umd.production.min.js`,
's',
),
);
});

Expand Down
47 changes: 36 additions & 11 deletions packages/server/src/__tests__/plugin/landingPage/getEmbeddedExplorerHTML.test.ts
View file
Open in desktop
@@ -1,8 +1,8 @@
import { DEFAULT_EMBED_VERSION } from '../../../plugin/landingPage/default';
import { getEmbeddedExplorerHTML } from '../../../plugin/landingPage/default/getEmbeddedHTML';
import type { ApolloServerPluginEmbeddedLandingPageProductionDefaultOptions } from '../../../plugin/landingPage/default/types';
import { describe, it, expect } from '@jest/globals';

const cdnVersion = '_latest';
expect.addSnapshotSerializer(require('jest-serializer-html'));
const apolloServerVersion = '@apollo/server@4.0.0';

Expand Down Expand Up @@ -31,7 +31,12 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
graphRef: 'graph@current',
};
expect(
getEmbeddedExplorerHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedExplorerHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -58,7 +63,7 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
<div id="embeddableExplorer">
</div>
<script nonce="nonce"
src="https://embeddable-explorer.cdn.apollographql.com/_latest/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-explorer.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
Expand All @@ -81,7 +86,12 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
graphRef: 'graph@current',
};
expect(
getEmbeddedExplorerHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedExplorerHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -108,7 +118,7 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
<div id="embeddableExplorer">
</div>
<script nonce="nonce"
src="https://embeddable-explorer.cdn.apollographql.com/_latest/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-explorer.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
Expand All @@ -132,7 +142,12 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
graphRef: 'graph@current',
};
expect(
getEmbeddedExplorerHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedExplorerHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -159,7 +174,7 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
<div id="embeddableExplorer">
</div>
<script nonce="nonce"
src="https://embeddable-explorer.cdn.apollographql.com/_latest/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-explorer.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
Expand All @@ -181,7 +196,12 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
graphRef: 'graph@current',
};
expect(
getEmbeddedExplorerHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedExplorerHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -208,7 +228,7 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
<div id="embeddableExplorer">
</div>
<script nonce="nonce"
src="https://embeddable-explorer.cdn.apollographql.com/_latest/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-explorer.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
Expand All @@ -233,7 +253,12 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
graphRef: 'graph@current',
};
expect(
getEmbeddedExplorerHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedExplorerHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -260,7 +285,7 @@ describe('Embedded Explorer Landing Page Config HTML', () => {
<div id="embeddableExplorer">
</div>
<script nonce="nonce"
src="https://embeddable-explorer.cdn.apollographql.com/_latest/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-explorer.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-explorer.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
Expand Down
57 changes: 41 additions & 16 deletions packages/server/src/__tests__/plugin/landingPage/getEmbeddedSandboxHTML.test.ts
View file
Open in desktop
@@ -1,8 +1,8 @@
import { DEFAULT_EMBED_VERSION } from '../../../plugin/landingPage/default';
import { getEmbeddedSandboxHTML } from '../../../plugin/landingPage/default/getEmbeddedHTML';
import type { ApolloServerPluginEmbeddedLandingPageLocalDefaultOptions } from '../../../plugin/landingPage/default/types';
import { describe, it, expect } from '@jest/globals';

const cdnVersion = '_latest';
expect.addSnapshotSerializer(require('jest-serializer-html'));
const apolloServerVersion = '@apollo/server@4.0.0';

Expand All @@ -22,7 +22,12 @@ describe('Landing Page Config HTML', () => {
embed: true,
};
expect(
getEmbeddedSandboxHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedSandboxHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -49,12 +54,12 @@ describe('Landing Page Config HTML', () => {
<div id="embeddableSandbox">
</div>
<script nonce="nonce"
src="https://embeddable-sandbox.cdn.apollographql.com/_latest/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-sandbox.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
var initialEndpoint = window.location.href;
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{"document":"query Test { id }","variables":{"option":{"a":"val","b":1,"c":true}},"headers":{"authorization":"true"},"includeCookies":true},"hideCookieToggle":false,"endpointIsEditable":false,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"allowDynamicStyles":false};
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{"document":"query Test { id }","variables":{"option":{"a":"val","b":1,"c":true}},"headers":{"authorization":"true"},"includeCookies":true},"hideCookieToggle":false,"endpointIsEditable":false,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"sendOperationHeadersInIntrospection":false,"allowDynamicStyles":false};
new window.EmbeddedSandbox(
{
...embeddedSandboxConfig,
Expand All @@ -72,7 +77,12 @@ describe('Landing Page Config HTML', () => {
embed: true,
};
expect(
getEmbeddedSandboxHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedSandboxHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -99,12 +109,12 @@ describe('Landing Page Config HTML', () => {
<div id="embeddableSandbox">
</div>
<script nonce="nonce"
src="https://embeddable-sandbox.cdn.apollographql.com/_latest/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-sandbox.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
var initialEndpoint = window.location.href;
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{"headers":{"authorization":"true"},"includeCookies":true},"hideCookieToggle":false,"endpointIsEditable":false,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"allowDynamicStyles":false};
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{"headers":{"authorization":"true"},"includeCookies":true},"hideCookieToggle":false,"endpointIsEditable":false,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"sendOperationHeadersInIntrospection":false,"allowDynamicStyles":false};
new window.EmbeddedSandbox(
{
...embeddedSandboxConfig,
Expand All @@ -120,7 +130,12 @@ describe('Landing Page Config HTML', () => {
embed: true,
};
expect(
getEmbeddedSandboxHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedSandboxHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -147,12 +162,12 @@ describe('Landing Page Config HTML', () => {
<div id="embeddableSandbox">
</div>
<script nonce="nonce"
src="https://embeddable-sandbox.cdn.apollographql.com/_latest/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-sandbox.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
var initialEndpoint = window.location.href;
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{},"hideCookieToggle":false,"endpointIsEditable":false,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"allowDynamicStyles":false};
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{},"hideCookieToggle":false,"endpointIsEditable":false,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"sendOperationHeadersInIntrospection":false,"allowDynamicStyles":false};
new window.EmbeddedSandbox(
{
...embeddedSandboxConfig,
Expand All @@ -170,7 +185,12 @@ describe('Landing Page Config HTML', () => {
embed: true,
};
expect(
getEmbeddedSandboxHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedSandboxHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -197,12 +217,12 @@ describe('Landing Page Config HTML', () => {
<div id="embeddableSandbox">
</div>
<script nonce="nonce"
src="https://embeddable-sandbox.cdn.apollographql.com/_latest/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-sandbox.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
var initialEndpoint = window.location.href;
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{"collectionId":"12345","operationId":"abcdef"},"hideCookieToggle":false,"endpointIsEditable":false,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"allowDynamicStyles":false};
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{"collectionId":"12345","operationId":"abcdef"},"hideCookieToggle":false,"endpointIsEditable":false,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"sendOperationHeadersInIntrospection":false,"allowDynamicStyles":false};
new window.EmbeddedSandbox(
{
...embeddedSandboxConfig,
Expand All @@ -225,7 +245,12 @@ describe('Landing Page Config HTML', () => {
},
};
expect(
getEmbeddedSandboxHTML(cdnVersion, config, apolloServerVersion, 'nonce'),
getEmbeddedSandboxHTML(
DEFAULT_EMBED_VERSION,
config,
apolloServerVersion,
'nonce',
),
).toMatchInlineSnapshot(`
<div class="fallback">
<h1>
Expand All @@ -252,12 +277,12 @@ describe('Landing Page Config HTML', () => {
<div id="embeddableSandbox">
</div>
<script nonce="nonce"
src="https://embeddable-sandbox.cdn.apollographql.com/_latest/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
src="https://embeddable-sandbox.cdn.apollographql.com/${DEFAULT_EMBED_VERSION}/embeddable-sandbox.umd.production.min.js?runtime=%40apollo%2Fserver%404.0.0"
>
</script>
<script nonce="nonce">
var initialEndpoint = window.location.href;
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{"includeCookies":false,"pollForSchemaUpdates":false,"sharedHeaders":{"SharedHeaderKey":"SharedHeaderValue"}},"hideCookieToggle":false,"endpointIsEditable":true,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"allowDynamicStyles":false};
var embeddedSandboxConfig = {"target":"#embeddableSandbox","initialState":{"includeCookies":false,"pollForSchemaUpdates":false,"sharedHeaders":{"SharedHeaderKey":"SharedHeaderValue"}},"hideCookieToggle":false,"endpointIsEditable":true,"runtime":"@apollo/server@4.0.0","runTelemetry":true,"sendOperationHeadersInIntrospection":false,"allowDynamicStyles":false};
new window.EmbeddedSandbox(
{
...embeddedSandboxConfig,
Expand Down
1 change: 1 addition & 0 deletions packages/server/src/plugin/landingPage/default/getEmbeddedHTML.ts
View file
Open in desktop
Expand Up @@ -163,6 +163,7 @@ export const getEmbeddedSandboxHTML = (
endpointIsEditable: localDevelopmentEmbedConfigOrDefault.endpointIsEditable,
runtime: apolloServerVersion,
runTelemetry: localDevelopmentEmbedConfigOrDefault.runTelemetry,
sendOperationHeadersInIntrospection: false,
allowDynamicStyles: false, // disabled for CSP - we add the iframe styles ourselves instead
};
return `
Expand Down
4 changes: 3 additions & 1 deletion packages/server/src/plugin/landingPage/default/index.ts
View file
Open in desktop
Expand Up @@ -78,6 +78,8 @@ const getNonEmbeddedLandingPageHTML = (
)}/static/js/main.js?runtime=${apolloServerVersion}"></script>`;
};

export const DEFAULT_EMBED_VERSION = '17c6b43a4068da710c3713ec72f03dcb34bbd3de';

// Helper for the two actual plugin functions.
function ApolloServerPluginLandingPageDefault<TContext extends BaseContext>(
maybeVersion: string | undefined,
Expand All @@ -86,7 +88,7 @@ function ApolloServerPluginLandingPageDefault<TContext extends BaseContext>(
apolloStudioEnv: 'staging' | 'prod' | undefined;
},
): ImplicitlyInstallablePlugin<TContext> {
const version = maybeVersion ?? '_latest';
const version = maybeVersion ?? DEFAULT_EMBED_VERSION; // version as of the latest PR to change the config here. We pin the embed version so new changes to Sandbox don't change default behavior for folks here.
const apolloServerVersion = `@apollo/server@${packageVersion}`;

const scriptSafeList = [
Expand Down
2 changes: 1 addition & 1 deletion packages/server/src/plugin/landingPage/default/types.ts
View file
Open in desktop
Expand Up @@ -38,7 +38,7 @@ type InitialStateForEmbeds =

export type ApolloServerPluginLandingPageDefaultBaseOptions = {
/**
* By default, the landing page plugin uses the latest version of the landing
* By default, the landing page plugin uses a recent version of the landing
* page published to Apollo's CDN. If you'd like to pin the current version,
* pass the SHA served at
* https://apollo-server-landing-page.cdn.apollographql.com/_latest/version.txt
Expand Down