diff --git a/core/build.go b/core/build.go
index d8193159..ad1dc5ec 100644
--- a/core/build.go
+++ b/core/build.go
@@ -30,7 +30,7 @@ func (gj *graphjin) compileQuery(qr queryReq, role string) (*queryComp, error) {
 	qcomp := &queryComp{qr: qr}
 
 	if !gj.prod || gj.conf.DisableAllowList {
-		var userVars map[string]json.RawMessage
+		userVars := make(map[string]json.RawMessage)
 
 		if len(qr.vars) != 0 {
 			if err := json.Unmarshal(qr.vars, &userVars); err != nil {
@@ -55,8 +55,8 @@ func (gj *graphjin) compileQuery(qr queryReq, role string) (*queryComp, error) {
 		}
 
 		// Overwrite allow list vars with user vars
-		// qcomp.qr.vars = qr.vars
-		// qcomp.qr.ns = qr.ns
+		qcomp.qr.vars = qr.vars
+		qcomp.qr.ns = qr.ns
 	}
 	return qcomp, err
 }
diff --git a/package.json b/package.json
index c8888424..a058b14d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "graphjin",
-  "version": "2.0.13",
+  "version": "2.0.14",
   "description": "GraphJin - Build APIs in 5 minutes with GraphQL",
   "type": "module",
   "main": "./wasm/js/graphjin.js",
diff --git a/serv/auth/auth.go b/serv/auth/auth.go
index 83d3ac9c..bfdf1f6c 100644
--- a/serv/auth/auth.go
+++ b/serv/auth/auth.go
@@ -282,7 +282,7 @@ func HeaderHandler(ac Auth) (HandlerFunc, error) {
 }
 
 func IsAuth(c context.Context) bool {
-	return c.Value(core.UserIDKey) != nil
+	return c != nil && c.Value(core.UserIDKey) != nil
 }
 
 func UserID(c context.Context) interface{} {
diff --git a/wasm/graphjin.wasm b/wasm/graphjin.wasm
index 7b362819..4f823158 100755
Binary files a/wasm/graphjin.wasm and b/wasm/graphjin.wasm differ