Handle Access-Control-Allowed-Headers in CORS preflight #4
Comments
|
Just found the build-in graphiql support, doesn't change the issue but is a great workaround in the meantime. Thanks! |
|
Hi @jakedt ! Thanks for report, I'll look into it soon. I guess you are right about enabling CORS by default, I'll add an option for it. |
|
I got tripped up by this too. Is anyone doing something on this? If not, I might add a PR. |
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The CORS implementation added by the fix/preflight branch is incomplete. You must also respond to the headers requests. My client (graphiql on chrome) is trying to use a content-type header, and is therefore being rejected.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Headers
Also, kind of surprising that CORS is enabled by default. You may want to put a warning somewhere in the readme!
The text was updated successfully, but these errors were encountered: