Apollo Client and Content Security Policy

chris · June 16, 2021, 11:49pm

Hello,

I am using the Apollo Client to query data from Strapi, our headless CMS.

My team added a metatag to our index.html header to prevent a Mixed Content warning that resulted in their gtags being blocked.

<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

However, now, my Apollo Client is getting blocked as Apollo Client requests via HTTP (Advanced HTTP networking - Apollo GraphQL Docs). Is there any way to get my Apollo Client functional again?

const httpLink = new HttpLink({ uri: `${config.STRAPI_EC2_INSTANCE_IP}/graphql`, useGETForQueries: true })

const client = new ApolloClient({
    link: httpLink,
    cache: new InMemoryCache()
});

...

<ApolloProvider client={client}>
    {children}
</ApolloProvider>

existdissolve · June 17, 2021, 4:05pm

Can you clarify what you mean by “getting” blocked? Does this mean your server is blocking the incoming requests, Apollo Client is itself choking, or something else?

chris · June 17, 2021, 8:06pm

Hi. I get a net::ERR_CONNECTION_REFUSED error on my GraphQL GET request query. My Apollo Client is blocked from getting fetching a GET query (Queries - Apollo GraphQL Docs).

Console Tab

chris · June 17, 2021, 8:06pm

Network Tab

Topic		Replies	Views
This operation has been blocked as a potential Cross-Site Request Forgery (CSRF) Help server	8	13132	February 13, 2023
Apollo 4 GET Sandbox causing CSRF on server Help server	13	6740	July 9, 2024
Apollo Client is not accepting CORS from SpringBoot graphQL server in TEST environment Help client	2	1233	October 31, 2023
ApolloClient gets HTML when querying graphql-yoga endpoint in NextJS 13 RCS/app dir Help client , web	1	532	April 3, 2023
Apollo client make GET request Help client , web	2	584	August 12, 2021

Apollo Client and Content Security Policy

Related topics