This is sort of of a follow up of my question Build fails with 404 Not Found at Netlify function path with Apollo Client. I am implementing an Apollo graphql server using a Netlify lambda function, and while the site is in development, it is protected with Basic Authentication.
I am having a problem with the preflight OPTIONS requests done by fetch in the Apollo Client in client side. When the browser makes the OPTIONS request, it doesn’t send the Authorization header+value from my code, so the whole request is aborted.
This is browser only behavior. I can run queries against the server with curl, Postman, the Graphql Playground if they include the Authorization header, and also with the server side implementation of the Apollo Client where the headers are injected explicitly.
As stated in this answer in StackOverflow,
the server must be configured to respond to any
OPTIONSrequests (from allowed origins at least) with a 2xx success response, without requiring authentication.
My first try was to modify my function to return a status code of 200 for an OPTIONS request, but this obviously didn’t work since the request is intercepted way before it reaches the lambda.
Second, I modified my existing netlify.toml:
[[headers]]
for = "/*"
[headers.values]
Basic-Auth = "user:password"
adding,
for = ".netlify/*"
[headers.values]
Basic-Auth = ''
but this failed at build time with error Invalid Netlify configuration file: Error while decoding file /opt/build/repo/netlify.toml: Near line 7 (last key parsed 'headers'): Key 'headers.values' has already been defined.
Is there some way that I can ‘expose’ the .netlify directory without Basic Auth, while keeping the rest under password?
Thank you,
ZSC