Hi @all,
I enabled a GraphQL endpoint by defining a schema etc. following the documentation (https://docs.silverstripe.org/en/4/developer_guides/graphql/). I want to read and create dataobjects from a third-party system to keep this specific dataobject in sync between these two systems. Querying dataobjects and sending mutations works fine in dev (GraphQL\DevOnlyAuthenticator is used).
For authentication a technical user was created and BasicAuthAuthenticator is used. Querying data also works, but sending a mutation requires an X-CSRF-TOKEN header. I have no clue how to get the correct token after auth for a mutation request.
From the third-party system, the requests are sent as follows:

    private static function sendGraphQLRequest($query, $apiUrl)
    {
        try {
            // Request body: the GraphQL query or mutation string, sent as JSON
            $data = array('query' => $query);
            $options = [
                'http' => [
                    'method' => 'POST',
                    'header' => [
                        'Content-Type: application/json',
                        // Basic auth credentials of the technical user (redacted)
                        'Authorization: Basic xxxxxxxxxxxxxxxx',
                    ],
                    'content' => json_encode($data),
                ],
            ];
            $context = stream_context_create($options);
            $response = file_get_contents($apiUrl, false, $context);
            // file_get_contents() returns false on failure instead of throwing
            if ($response === false) {
                return null;
            }
            $responseObj = json_decode($response, true);
            return $responseObj;
        } catch (Exception $e) {
            // Handling exception ...
        }
    }

Disabling the CSRF check as written in the docs

    SilverStripe\Core\Injector\Injector:
      SilverStripe\GraphQL\QueryHandler\QueryHandlerInterface.default:
        class: SilverStripe\GraphQL\QueryHandler\QueryHandler
        properties:
          Middlewares:
            csrf: false

does not work. How can I send mutations with a correct X-CSRF-TOKEN in a non-session context like this?
Best regards,
chrclaus