Skip to content
This repository was archived by the owner on Dec 19, 2023. It is now read-only.

Any way to configure allowedOrigins on the graphql servlet for Cors requests? #376

Closed
Mrman opened this issue Mar 29, 2020 · 6 comments
Closed

Any way to configure allowedOrigins on the graphql servlet for Cors requests? #376

Mrman opened this issue Mar 29, 2020 · 6 comments
Labels
enhancement
Milestone
7.1.0

Comments

@Mrman
Copy link

Mrman commented Mar 29, 2020
edited
Loading

Firstly, big thanks for putting this altogether! Saved me a huge amount of time already.

From what I can see in GraphQLWebAutoConfiguration with graphql.servlet.corsEnabled=true uses the default permit all:

CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();

Am I missing where I can configure the allowedOrigins for Cors requests through config or is this not currently supported?

Cheers
@oliemansm oliemansm added this to the 7.1.0 milestone Apr 5, 2020
@oliemansm
Copy link
Member

It's not configurable at the moment. I added this for the next release. You'll be able to use the property graphql.servlet.cors.allowed-origins. The other properties of CorsConfiguration are configurable that way too.

@Mrman
Copy link
Author

Mrman commented Apr 7, 2020

Awesome, thanks @oliemansm! Looking forward to 7.1.0 being released.

@oliemansm
Copy link
Member

@Mrman You could try it out already with snapshot 7.1.0-SNAPSHOT if you want to. Just add the snapshot repository to your project: https://github.com/graphql-java-kickstart/graphql-spring-boot#snapshots.

@maxiwu
Copy link

maxiwu commented May 1, 2020
edited
Loading

@Mrman You could try it out already with snapshot 7.1.0-SNAPSHOT if you want to. Just add the snapshot repository to your project: https://github.com/graphql-java-kickstart/graphql-spring-boot#snapshots.

Will it work if I override addCorsMappings() in CorsConfiguration and @EnableWebFlux?
Which bean or class is responsible for CORS of graphql running on Netty?

UPDATE:
I made it work. But the Mapping has to be "/graphql/**"

@Thinkenterprise
Copy link

Why is it not just possible to configure using the Web MVC Configuration like this:

@Bean
public WebMvcConfigurer corsConfigurer() {
	return new WebMvcConfigurer() {
	  @Override
	  public void addCorsMappings(CorsRegistry registry) {
	    registry.addMapping("/graphql").allowedOrigins("http://someOtherOrigins");
	}
    };
}

@oliemansm
Copy link
Member

@Thinkenterprise It's just by chance I'm seeing this comment on the closed issue, but we generally don't notice these. Since we've enabled Discussions on the projects, best next time to ask the question there and link it to this issue.

Having said that I'm not sure what'll happen when you configure it using WebMvcConfigurer. When using the configuration options as provided by the library it'll create a CorsFilter bean which is used to protect the servlet.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
7.1.0
Development

No branches or pull requests
4 participants
@Mrman @maxiwu @Thinkenterprise @oliemansm