I am attempting to connect to contentfuls graphql api, which always returns 'Access-Control-Allow-Origin': '*'. If credentials are specified, then the preflight check will fail due to a cors issue:
Access to XMLHttpRequest at 'https://graphql.contentful.com/content/v1/spaces/{space hidden for security}/environments/{environment}' from origin 'http://localhost:4500' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
I am creating the apollo client as follows.
/* graphql.module.ts */
const uri = "my-graphql-endpoint"; // <-- add the URL of the GraphQL server here
const headers = new HttpHeaders({
Authorization: "Bearer asdlfkjaskldf" // <-- This is required for contentful specifically,
});
export function createApollo(httpLink: HttpLink): ApolloClientOptions<any> {
return {
link: httpLink.create({
uri,
headers,
withCredentials: false
}),
cache: new InMemoryCache()
};
}
I should not be seeing the cors issue, since I have set withCredentials to false, however i am seeing the cors issue.
To Reproduce
Steps to reproduce the behavior:
Install apollo-angular via the angular cli (per the docs)
Inside your graphql.module.ts, set up your URL to point to a cross-origin domain which will return 'Access-Control-Allow-Origin': '*' in the header.
Make a query somewhere
Observe in the console, a cors error
Expected behavior
We should not see the cors error for endpoints where 'Access-Control-Allow-Origin': '*' is set.
Describe the bug
I am attempting to connect to contentfuls graphql api, which always returns
'Access-Control-Allow-Origin': '*'
. If credentials are specified, then the preflight check will fail due to a cors issue:I am creating the apollo client as follows.
I should not be seeing the cors issue, since I have set withCredentials to false, however i am seeing the cors issue.
To Reproduce
Steps to reproduce the behavior:
graphql.module.ts
, set up your URL to point to a cross-origin domain which will return'Access-Control-Allow-Origin': '*'
in the header.Expected behavior
We should not see the cors error for endpoints where
'Access-Control-Allow-Origin': '*'
is set.Environment:
MacOS (Apple m1 pro)
Additional context