GraphQL Fetcher authorization headers are all in plain text

If I’m exporting the code to GitHub, you store the GraphQLFetcher Authorization Header as plain text. Would be important, if you at least create a variable and move the content to an .env file or something like that.


Yes we should make a note of this, as all fetchers support working from the client (for instance, refetching in response to updating state).

Pure server-side fetching is coming in later months.

Maybe as alternative: Fetching the authorization header as access token from the local storage - thats also the way, how we’re currently doing it in production - user logs in > receives an access token > access token is used in authorization header @yang