ApolloServer CORS defaults can not be changed #1326
Labels
⛲️ feature
New addition or enhancement to existing solutions
🌹 has-reproduction
❤ Has a reproduction in Glitch, CodeSandbox or Git repository.
Comments
ghost
added
🌹 has-reproduction
|
The default is good for most cases, but makes sense that it should be a default and could be overriden if one developer wants it... |
|
Yes, we have the same issue! We need to customize the CORS filter too and don't use the default. |
|
Thank you for the issue! We've added a cors option to apollo-server in the constructor with #1335, since it's a production necessary configuration. It will be in the next RC |
|
Wow, @evans! That was fast. Thanks for your PR. Have the next RC any planed release schedule or something we can use to estimate? |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hello.
Currently
apollo-serverinsertsAccess-Control-Allow-Origin: *by default to ease development (https://github.com/apollographql/apollo-server/blob/version-2/packages/apollo-server/src/index.ts#L77).This defaults seems reasonable but for production and certain configurations you may want to change it. For example, in our company we prefer to manage CORS with a reverse proxy so our API is more secure and IT can perform changes without touching API code.
Currently, changing this CORS default seems to be impossible with
apollo-server(#1142). As Apollo Server v2 is in Release Candidate we understand this kind of features have not yet implemented.I open this issue to enable discussion and know what is the maintainers opinion about CORS management and
apollo-serverv2.The text was updated successfully, but these errors were encountered: