markhuot / craftql

A drop-in GraphQL server for Craft CMS
Other
320 stars 53 forks

Access to fetch has been blocked by CORS policy #340

Open pedroandradef opened 4 years ago

pedroandradef commented 4 years ago

I'm using Apollo with GraphQL Code Generator to do some queries, but all responses have been blocked. It's just to learn, so no envs there.

maxfrischknecht commented 3 years ago

You need to address this issue on the server side rather than the client side. Add the following code to the bottom of the .htaccess in the /web folder:

<ifModule mod_headers.c>
  Header always set Access-Control-Allow-Origin "*"
  Header always set Access-Control-Allow-Headers "accept,authorization,content-type,origin,x-auth-token"
  Header always set Access-Control-Allow-Methods "PUT,POST,GET,OPTIONS,ORIGIN"
</ifModule>

It is not recommended to use Header always set Access-Control-Allow-Origin "*" from a security perspective. So rather use the direct domain from where your frontend will be calling the API when you are ready for production.
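
The production setup recommended in the comment above, as an added example that is not part of the original comment or of CraftQL: the same .htaccess block with the wildcard replaced by an allowlist of front-end origins. The two example.com origins are constructed placeholders, and mod_setenvif is assumed to be enabled alongside mod_headers.

```apache
<IfModule mod_setenvif.c>
  # Capture the request's Origin only when it exactly matches an allowed
  # front end. The pattern is anchored (^...$) and the dots are escaped so
  # that look-alikes such as https://app.example.com.attacker.test or
  # https://appXexample.com do not match. Placeholder origins: replace them.
  SetEnvIf Origin "^https://(www|app)\.example\.com$" CORS_ORIGIN=$0
</IfModule>

<IfModule mod_headers.c>
  # Echo back the matched origin instead of "*". Requests from any other
  # origin get no CORS headers at all, so the browser blocks the response.
  Header always set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN

  # The response now differs per Origin, so shared caches must key on it.
  Header always merge Vary "Origin"

  # Same request headers as in the comment above, sent to allowed origins only.
  Header always set Access-Control-Allow-Headers "accept,authorization,content-type,origin,x-auth-token" env=CORS_ORIGIN

  # Assumption: the GraphQL endpoint is only called with GET and POST, plus
  # the browser's OPTIONS preflight, so the method list is narrowed to those.
  Header always set Access-Control-Allow-Methods "POST,GET,OPTIONS" env=CORS_ORIGIN
</IfModule>
```

With this in place, a response to a request whose Origin is not on the list carries no Access-Control-Allow-Origin header, which is a quick check to run from the browser's network tab.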