Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Configuring CORS #2752

Closed
2 tasks done
rhutchison opened this issue Mar 28, 2023 · 4 comments
Closed
2 tasks done

Configuring CORS #2752

rhutchison opened this issue Mar 28, 2023 · 4 comments
Labels
needs triage

Comments

@rhutchison
Copy link

Did you read the migration guide?

  • I have read the whole migration guide

Is there an existing issue that is already proposing this?

  • I have searched the existing issues

Potential Commit/PR that introduced the regression

PR #2636

Versions

10.2.0 -> 11.0.4

Describe the regression

Support for configuring CORs was removed.

It looks like the changes to support new apollo server was done as suggested in the guide:

951f907#diff-c3a3b52cf11536118537eaffe950a721dd8246bde13d7681c96678d85bec445fR159

then later removed:

1e099fa#diff-c3a3b52cf11536118537eaffe950a721dd8246bde13d7681c96678d85bec445fL144

Minimum reproduction code

GraphQLModule.forRoot<ApolloDriverConfig>({
  driver: ApolloDriver,
  autoSchemaFile: true,
  sortSchema: true,
  cors: {
    credentials: true,
    origin: ['https://www.your-app.example'],
  },
})

Expected behavior

From the documentation:

The startStandaloneServer function's CORS configuration is unalterable and enables any website on the internet to tell a user's browser to connect to your server. Depending on your use case, you might need to further customize your CORS behavior to ensure your server's security.

Other

No response
@kamilmysliwiec
Copy link
Member

You should be able to just follow this guide now https://docs.nestjs.com/security/cors

@magrinj
Copy link

magrinj commented Mar 28, 2023

@kamilmysliwiec Actually the guide you just linked show a cors option in the GraphQLModule but this one is not available anymore. I guess it's what @rhutchison is referencing.

@kamilmysliwiec
Copy link
Member

Great catch @magrinj! I just removed the entire GraphQL-related section - cors option has been removed in Apollo v4 (which is great since we didn't need that either way) and everyone should now be able to just use the enableCors() method - regardless of whether they build a GQL or REST API

@rhutchison
Copy link
Author

Great catch @magrinj! I just removed the entire GraphQL-related section - cors option has been removed in Apollo v4 (which is great since we didn't need that either way) and everyone should now be able to just use the enableCors() method - regardless of whether they build a GQL or REST API

Thanks - this simplifies things.

Ref: nestjs/docs.nestjs.com@474491c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rhutchison @magrinj @kamilmysliwiec