Why cant I send httponly cookies with Apollo Client (but works with simple XHR request)

[dizzersee]

If I simply do this then cookie header is being sent:

var xhr = new XMLHttpRequest();
xhr.open('POST', 'http://desk/graphql', true);

xhr.onload = function () {
  // Request finished. Do processing here.
};

xhr.send(null);

But they are not being sent with my ApolloClient setup (does not work on both secret and normal client). It works on Chrome, Firefox, but not on Edge or Chrome Mobile. Cookies are Http only and its not a cross domain issue (I use same domain http://desk). Cant figure out why it doesnt work:

const httpLink = new HttpLink({
  uri: "http://desk/graphql" // You should use an absolute URL here
});

const apolloClient = new ApolloClient({
  link: httpLink,
  cache: new InMemoryCache(),
  connectToDevTools: true
});

const httpLinkSecret = new HttpLink({
  // You should use an absolute URL here
  uri: "http://desk/somepost"
});

var csrfToken = window.csrfToken;
Vue.prototype.csrfToken = window.csrfToken;
const authMiddleware = new ApolloLink((operation, forward, error) => {
  // add the authorization to the headers
  operation.setContext({
    headers: {
      "X-CSRF-TOKEN": csrfToken,
    }
  });
  return forward(operation);
});


const apolloClientSecret = new ApolloClient({
  link: authMiddleware.concat(errorLink).concat(httpLinkSecret),
  cache: new InMemoryCache(),
  connectToDevTools: true
});

const apolloProvider = new VueApollo({
  clients: {
    default: apolloClient,
    secret: apolloClientSecret
  },
  defaultClient: apolloClient
});

[Akryum]

If you are using HTTP only cookies, your issue lies elsewhere, it's not from your JS code.

[scottix]

You might want to look here https://www.apollographql.com/docs/react/networking/basic-http-networking/#including-credentials-in-requests