Self-Signed Certificate Validation in Apollo Client with Custom CA Certificate #11473

Closed
RunCor399 opened this issue Jan 9, 2024 · 4 comments

@RunCor399

I'm working on connecting Apollo Client in my React frontend with a Hasura endpoint. I'm trying to figure out how to make it so that my application is able to validate a custom certificate (received from the GraphQL Engine) against a specific CA certificate (stored in the application backend and obtained by the frontend through an API).

The problem that I'm facing is that my Apollo Client is set up in my React frontend, hence I'm not able to use https.Agent as mentioned in this Apollo Link issue, since https is a Node module.

Any thoughts or ideas on how to make this work would be appreciated. Unfortunately I wasn't able to find much documentation or best practices regarding this specific task.

@phryneas
Member

phryneas commented Jan 9, 2024

I'm sorry, but I believe this is pretty much out of your hands. Any aspect of the transport protocol is a browser implementation detail - to my knowledge, the browser doesn't expose any functionality like that.

Your user would have to manually import your CA into their certificate store, and in most cases I guess that would be seen as a security risk.

If this doesn't have anything to do with transport/https, and you are only talking about exchanging certificates as files, maybe there is some npm module to do this, but I believe that at that point it is very far away from the scope of Apollo Client.

@RunCor399
Author

RunCor399 commented Jan 9, 2024

Thank you @phryneas for your feedback. I actually need not just to transfer the certificate but also to perform validation of the one coming from Hasura (actually from an nginx rev proxy).

Even though I would have preferred another option, integrating the CA certificate in the browser seems the best choice also considering that the application is conceived for internal use by employees of a company only.

@phryneas
Member

With your question answered and this really being out of our control, I'm going to close this issue. Please don't hesitate to reopen if you have any follow-up questions :)

Contributor

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
For general questions, we recommend using StackOverflow or our Discord server.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 10, 2024