[Feature Request] CORS on AWS AppSync GraphQL calls

[neilferreira]

It would be great if AWS AppSync was able to support CORS in a similar fashion to the AWS API Gateway and other API services.

As it stands, there is no ability to restrict the allowed hostnames to limit the use of our API.

[fedecastelli]

yeah, it would be great otherwise anyone can create a fake public website and use your API. I wonder why they didn't implement it from the beginning.