graphql-engine icon indicating copy to clipboard operation
graphql-engine copied to clipboard

Published 20 hours ago verified publisher icon hasura

CORS Wildcards: Support partially-specified subdomains

Open EdNutting opened this issue 2 years ago • 0 comments

Is your proposal related to a problem?

We have Netlify preview builds enabled and would like to restrict (but enable) our Hasura GraphQL API to receive requests from the preview builds of our frontend. Netlify provides urls of the form https://{build id}--{project name}.netlify.app.

Unfortunately, the following wildcard CORS setting doesn't work at the moment: https://*--{project name}.netlify.app.

Describe the solution you'd like

I would like CORS domains to permit wildcards in subdomain prefixes so that, for example, the following pattern would match the following example:

Pattern: https://*--my-awesome-frontend.netlify.app Example: https://somerandomid--my-awesome-frontend.netlify.app

Describe alternatives you've considered

We considered allowing requests from https://*.netlify.app but then anyone could build a frontend on their own project and issue requests against our API. This would defeat the point of using CORS.

If the feature is approved, would you be willing to submit a PR?

I am not able to undertake the development of this feature.

EdNutting avatar Feb 28 '22 20:02 EdNutting