This repository has been archived by the owner on May 31, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Apollo Server CORS whitelist #2596
Comments
Are you up to date on devel? Will check but I indeed forgot same origin scenario in the first implementation. I think it's fixed in a recent commit. |
You should have this:
The case "!origin" correspond to same-origin requests, so the app itself. |
I think I've reproduced that in Vulcan Meteor Next Transition, see sample settings: https://github.com/VulcanJS/Vulcan-Starter/blob/33a23bc3c22b6d5d73071d0b7f1c863f01149cc5/sample_settings.json |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I tried specifying the
apolloServer.corsWhitelist
setting to enable Apollo Studio's Explorer to work. This worked well enough, but GraphQL requests coming from the app itself then started to fail until I explicitly added it.I think even with the whitelist option specified, we should probably make an exception so that requests coming from the app always work?
The text was updated successfully, but these errors were encountered: