-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support ApolloSandbox playground #2581
feat: support ApolloSandbox playground #2581
Conversation
"title": title, | ||
"endpoint": endpoint, | ||
"endpointIsAbsolute": endpointHasScheme(endpoint), | ||
"mainSRI": "sha256-/E4VNgAWFmbNLyXACSYoqsDAj68jC1sCMSQ0cDjf4YM=", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you point to the documentation for where this mainSRI
comes from? Is this something that needs to be updated along with the JS CDN link?
I think it is a Subresource Integrity check, but I don't know where you found this one. Is it listed on Apollo's CDN or documentation somewhere associated with this release?
Perhaps you took the JS URL and ran it through https://www.srihash.org/ with sha256 selected?
Or maybe downloaded that script locally and did:
cat FILENAME.js | openssl dgst -sha256 -binary | openssl base64 -A
Or
shasum -b -a 256 FILENAME.js | awk '{ print $1 }' | xxd -r -p | base64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you point to the documentation for where this mainSRI comes from?
Yes, I followed the MDN documentation Subresource Integrity - Web security | MDN to get the hash value locally because I figured I needed to specify the RSI from another Handler implementation.
<script rel="preload" as="script" type="text/javascript" crossorigin="anonymous" integrity="{{.mainSRI}}" src="main.js"></script> |
I dit it.
CDN_FILE=https://embeddable-sandbox.cdn.apollographql.com/58165cf7452dbad480c7cb85e7acba085b3bac1d/embeddable-sandbox.umd.production.min.js
curl -s $CDN_FILE | openssl dgst -sha256 -binary | openssl base64 -A; echo
If subresource integrity is not required, it may be more convenient to always specify the most latest resource.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this something that needs to be updated along with the JS CDN link?
Yes, because the version is fixed by the commit hash. The integrity hash must be recomputed each time the version is bumped.
Of course, if use the latest resources, you don't have to deal with this.
new window.EmbeddedSandbox({ | ||
target: '#embedded-sandbox', | ||
initialEndpoint: url, | ||
persistExplorerState: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is necessary to enable includeCookies
and disable pollForSchemaUpdates
in initialState
to make the playground work the same as the others
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would also be nice to have a link to the options documentation like https://www.apollographql.com/docs/graphos/explorer/sandbox/#initialendpoint (or possibly somewhere else)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this contribution! |
I would like to add ApolloSandbox to the Playground options, similar to #2437
Apollo Sandbox: an open GraphQL IDE for local development - Apollo GraphQL Blog
ApolloSandbox includes developer-friendly features such as useful browsing of schema documentation, easy building queries, and sharing of queries in specific cases for debug.
new ApolloSandboxHandler