sanic-graphql icon indicating copy to clipboard operation
sanic-graphql copied to clipboard

Published 20 hours ago verified publisher icon graphql-python

Handle Access-Control-Allowed-Headers in CORS preflight

Open jakedt opened this issue 7 years ago • 4 comments

The CORS implementation added by the fix/preflight branch is incomplete. You must also respond to the headers requests. My client (graphiql on chrome) is trying to use a content-type header, and is therefore being rejected.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Headers

Also, kind of surprising that CORS is enabled by default. You may want to put a warning somewhere in the readme!

jakedt avatar May 09 '17 04:05 jakedt

Just found the build-in graphiql support, doesn't change the issue but is a great workaround in the meantime. Thanks!

jakedt avatar May 09 '17 05:05 jakedt

Hi @jakedt !

Thanks for report, I'll look into it soon.

I guess you are right about enabling CORS by default, I'll add an option for it.

grazor avatar May 09 '17 09:05 grazor

I got tripped up by this too. Is anyone doing something on this? If not, I might add a PR.

ahopkins avatar Aug 16 '17 23:08 ahopkins

CORS(app, automatic_options=True) - I did this to get things working. Doesn't fix the real issue here, but at least is a work around.

dpnova avatar Sep 03 '17 11:09 dpnova