Open jasonmontalto opened 2 years ago
We had this Problem also! Thx for the workaround
Regards, Alois
yes i'm also confused,
i expected it would be much more transparent and delegate these sort of configuration to spring itself
but seems like i'm bound to use properties file as head first solution
(which in my case i need to use dynamic resolution for cors from a database)
i'm trying to tackle this problem in a more appropriate way as @jasonmontalto stated i neither like to tweak custom filters which i consider tricky and introducing unnecessary complexity
i expect graphql do what it claims it's doing i wouldn't like to tweak cors from within it's configuration
Bug Description I have a project that contains a both rest and graphql (via this kickstart). I have rest cors configured within a
WebMvcConfigurer
implementation that overrides theaddCorsMapping
and adds our custom cors needs. This works perfectly until I enable cors for graphql. Once cors is enabled, the custom mapping is completely ignored, causing all non graphql endpoints to no longer have cors enabled.To Reproduce
WebMvcConfigurer
and overridesaddCorsMappings
to add cors mappinggraphql.servlet.corsEnabled
Expected behavior I would assume (without any documentation suggesting otherwise) that both cors configurations should be honored.
Browser for test
Workaround Took a while to unravel what was going on, but was able to figure out a workaround by temporarily allowing overriding of beans and overriding the cors configuration bean that comes packaged with this library. This allowed me to add my custom cors implementation in addition to the graphql cors configuration. Overriding beans is not something I want to add to our codebase, but it showed a path forward.
So my solution was to not use the WebMvcConfigurer:addCorsMapping method and instead create my own custom bean that configures cors directly using CorsConfiguration. Something like below
Example of cors mapping setup:
Example of custom bean that was used as a workaround:
I am not sure if this actually a bug or expected behavior, but I found it very confusing. If it is expected behavior, would it be possible to add a note about cors configuration to the documentation?
Thanks, Jason