CORS does not allow * wildcard with current apollo graphiql implementation #514
Comments
Ooh, hmm. Should we switch the default credentials to
https://developer.mozilla.org/en-US/docs/Web/API/Request/credentials CORS is not my strong suit but that appears to be the correct option. Unless this should be a config thing, as it appears that some people are using cookies while others need an API to be publicly accessible from arbitrary users.
Oh I mean on the GraphiQL side - we can change the way it sends the cookies to avoid the error. We can replace
Yes I agree, sorry if I wasn't clear.
Awesome - mind sending a PR for that?
* Move from credentials: 'include' to 'same-origin'
  See Discussion: #514
* Update CHANGELOG.md
* Update CHANGELOG.md
Can we get a feature bump on this so it can be used?
Seems to be solved in
Thanks!
Expected:
Actual:
Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin '<location>' is therefore not allowed access.
Cause: https://github.com/apollographql/apollo-server/blob/master/packages/apollo-server-module-graphiql/src/renderGraphiQL.ts#L147
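The browser-side rule behind the error above, as an added example that is not part of the original issue or of apollo-server: a reduced version of the Fetch standard's CORS check, run against the wildcard response for each credentials mode. The function name `corsCheck`, the lowercase-keyed `headers` object, and the `https://graphiql.example` origin are assumptions made for illustration.

```javascript
// Added example: the Fetch standard's CORS check, reduced to the two
// response headers relevant to this issue. `headers` is a plain object
// with lowercase header names (an assumption of this sketch).
function corsCheck(requestOrigin, credentialsMode, headers) {
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  // Only 'include' sends cookies cross-origin; 'same-origin' and 'omit'
  // are treated as uncredentialed for a cross-origin request.
  const withCredentials = credentialsMode === 'include';
  if (allowOrigin === '*') {
    return withCredentials
      ? { ok: false, reason: "wildcard '*' rejected in credentials mode 'include'" }
      : { ok: true, reason: 'wildcard accepted without credentials' };
  }
  if (allowOrigin !== requestOrigin) {
    return { ok: false, reason: 'origin mismatch' };
  }
  if (!withCredentials) {
    return { ok: true, reason: 'origin matched' };
  }
  // Credentialed request: the server must also opt in explicitly.
  return headers['access-control-allow-credentials'] === 'true'
    ? { ok: true, reason: 'origin matched and credentials allowed' }
    : { ok: false, reason: 'Access-Control-Allow-Credentials is not true' };
}

// Constructed sample data: a cross-origin GraphiQL page and two server replies.
const PAGE_ORIGIN = 'https://graphiql.example';
const WILDCARD = { 'access-control-allow-origin': '*' };
const EXPLICIT = {
  'access-control-allow-origin': PAGE_ORIGIN,
  'access-control-allow-credentials': 'true',
};

for (const mode of ['include', 'same-origin', 'omit']) {
  for (const [label, headers] of [['wildcard', WILDCARD], ['explicit', EXPLICIT]]) {
    const result = corsCheck(PAGE_ORIGIN, mode, headers);
    console.log(`${mode.padEnd(11)} ${label.padEnd(8)} ` +
      `${result.ok ? 'pass' : 'FAIL'}: ${result.reason}`);
  }
}
```

A server that does need cookies on cross-origin requests has to answer with one specific allowed origin plus `Access-Control-Allow-Credentials: true`; the wildcard only works for uncredentialed requests.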