search

magento / community-features

Magento Features Development is an Initiative to Allows Community Memebers Join to Development of Magento Features
46 stars 18 forks source link

Cross-Origin Resource Sharing (CORS) support for GraphQL endpoint #232

Open herzog31 opened 4 years ago

herzog31 commented 4 years ago

Consuming Magento GraphQL from a client-side applications (SPA, PWA) is limited because of missing CORS [0] headers. Whenever the client-side application is served from a hostname that is different from the Magento GraphQL endpoint, the browser will check for the presence of CORS headers and only if the headers are present and the consuming hostname is whitelisted the client-side application can consume the GraphQL endpoint.

Ideally the headers can be configured from the Magento admin UI or in the configuration before deployment.

Are there any best practices around the topic? Are there recommended workarounds or patterns that can be used?

[0] https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

damienwebdev commented 4 years ago

@herzog31 shameless self-plug... https://github.com/graycoreio/magento2-cors