Access Blitz endpoints from a different app

[benjakugler96]

Hi!
Right now I have one Blitz application and a Chrome extension built with React. I have regular and Google authentications in the blitz app and I'm able to hit the /api/auth/mutations/login endpoint and authenticate from the React app. Problem is that to access any other endpoint that is generated from a query or mutation that uses ctx.session.authorize(), I keep getting a 401. I'm hardcoding the anti-csrf header using a valid token (taken from the logged in user session). The only difference I can see from a Blitz api call and an api call madre from the react app, is the Cookie header. Is there any easy way to do this? Probably its something I'm doing wrong. Do you know about any example already doing this?

[flybayer]

When using fetch, you will need to set credentials: 'include'. Also you will need to set the anti-csrf header to the anti-csrf cookie value. See https://blitzjs.com/docs/session-management#manual-api-requests (I can see this section needs improved for cases like yours - PR would be amazing if you have time)

[cesarve77]

Could you solve it?
I am trying to do the same (chrome extension)
I can't get a simple api call for a non logged user, (no need ctx.session.authorize())
I can't get the cookie value (cookies are empty in default_popup)

Any help is appreciate

[flybayer]

Please share your code and logs so we can help :)