search

aws / aws-appsync-community

The AWS AppSync community
https://aws.amazon.com/appsync
Apache License 2.0
506 stars 32 forks source link

Question: How to setup cors policy in Appsync #318

Open arjavsethi opened 12 months ago

arjavsethi commented 12 months ago

I have created a form using Nextjs + AWS Appsync API, I want to embed that form into another website (WordPress) , While submitting the website send a status code 401, I have not set up a cors policy on my API.Neither I can find a setting in my AWS console to add Cors for app sync , my stack code:-

  // Create the AppSync GraphQL API
    const api = new sst.AppSyncApi(this, 'graphql', {
      graphqlApi: {
        schema: schemas,
        authorizationConfig: {
          defaultAuthorization: {
            authorizationType: AuthorizationType.USER_POOL,
            userPoolConfig: {
              userPool: userPol,
              defaultAction: UserPoolDefaultAction.ALLOW,
            },
          },
          additionalAuthorizationModes: [
            {
              authorizationType: AuthorizationType.API_KEY,
              apiKeyConfig: {
                expires: Expiration.after(Duration.days(365)),
              },
            },
          ],
        },
      },
      defaultFunctionProps: {
        timeout: 60,
        environment: {
          SENDER_EMAIL: SENDER_EMAIL || '',
          DATABASE: ``,
          USER_POOL_ID: USER_POOL_ID,
          SNS_ORIGINAL_NUMBER: SNS_ORIGINAL_NUMBER,
          GRAPHQL_API_URL: process.env.GRAPHQL_API_URL || '',
          GRAPHQL_API_KEY: process.env.GRAPHQL_API_KEY || '',
          ONESIGNAL_API_KEY: process.env.ONESIGNAL_API_KEY || '',
          ONESIGNAL_APP_ID: process.env.ONESIGNAL_APP_ID || '',
          DISTRIBUTION_ID: DISTRIBUTION_ID || '',
          FRONTEND_URL,
          STAGE: scope.stage,
          USERS_FORM_SLUG,
        },
      },
      dataSources: dataSources,
      resolvers: { ...resolvers },
    });
onlybakam commented 8 months ago

AWS AppSync supports CORS, but does not support cookies as an authorization method