Cross-Origin Request Blocked => to fix it, I need to remove `credentials` in `fetch` call

[harobed]

I use graphql-voyager in this Proof of Concept poc-postgraphile-forum.

I have my graphql server on http://127.0.0.1:5000/graphql (powered by postgraphile).

graphql-voyager is exposed on http://127.0.0.1:3001 and load graphql schema on http://127.0.0.1:5000/graphql.

Problem: I have this error in my browser:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:5000/graphql. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://127.0.0.1:5000/graphql. (Reason: CORS request did not succeed).
TypeError: NetworkError when attempting to fetch resource.

To fix it, I need to remove credentials in fetch call, it is this line:

https://github.com/APIs-guru/graphql-voyager/blob/aea16b545e61c31a4de6cbbc833d94d596fb42db/src/middleware/render-voyager-page.ts#L53

At this time, I don't understand what is the credentials option aim.

Possible line of approach to fix it:

1. remove credentials option if it is useless
2. add graphql-voyager configuration option to enable / disable credentials option

[mrthankyou]

I experienced this issue as well. In my case I would prefer to be able to set the HTTP conditions on my own rather than the app assume what my HTTP conditions are.

[usmcamp0811]

I am running into this same problem. I am using Graphene + Flask in Docker to build out an API and wanted to also use Voyager but can't load the schema due to CORS error.