-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ApolloServer CORS defaults can not be changed #1326
Comments
The default is good for most cases, but makes sense that it should be a default and could be overriden if one developer wants it... |
Yes, we have the same issue! We need to customize the CORS filter too and don't use the default. |
Thank you for the issue! We've added a cors option to apollo-server in the constructor with #1335, since it's a production necessary configuration. It will be in the next RC |
Wow, @evans! That was fast. Thanks for your PR. Have the next RC any planed release schedule or something we can use to estimate? |
Hello.
Currently
apollo-server
insertsAccess-Control-Allow-Origin: *
by default to ease development (https://github.com/apollographql/apollo-server/blob/version-2/packages/apollo-server/src/index.ts#L77).This defaults seems reasonable but for production and certain configurations you may want to change it. For example, in our company we prefer to manage CORS with a reverse proxy so our API is more secure and IT can perform changes without touching API code.
Currently, changing this CORS default seems to be impossible with
apollo-server
(#1142). As Apollo Server v2 is in Release Candidate we understand this kind of features have not yet implemented.I open this issue to enable discussion and know what is the maintainers opinion about CORS management and
apollo-server
v2.The text was updated successfully, but these errors were encountered: