ApolloServer CORS defaults can not be changed #1326
Labels
⛲️ feature
New addition or enhancement to existing solutions
🌹 has-reproduction
❤ Has a reproduction in Glitch, CodeSandbox or Git repository.
Hello.
Currently
apollo-server
insertsAccess-Control-Allow-Origin: *
by default to ease development (https://github.com/apollographql/apollo-server/blob/version-2/packages/apollo-server/src/index.ts#L77).This defaults seems reasonable but for production and certain configurations you may want to change it. For example, in our company we prefer to manage CORS with a reverse proxy so our API is more secure and IT can perform changes without touching API code.
Currently, changing this CORS default seems to be impossible with
apollo-server
(#1142). As Apollo Server v2 is in Release Candidate we understand this kind of features have not yet implemented.I open this issue to enable discussion and know what is the maintainers opinion about CORS management and
apollo-server
v2.The text was updated successfully, but these errors were encountered: