


CORS has been quite a pain for a lot of devs, I feel ya, I've had to figure it out a lot, because GraphQL does not work with CORS nicely when the endpoint has CORS enabled


What is CORS? | Codecademy

Resources on servers (like web pages) often make requests to load resources on other servers. In this article, you'll learn how these requests are managed with CORS. Codecademy is the easiest way to learn how to code. It's interactive, fun, and you can do it with your friends.


That's quite a readable and friendly explanation of what CORS is


yeah, CORS has way too many switches, i's to dot and t's to cross


In the very basics, it's saying "Your neighbour should not be able to request information from your home"


But its switches, options, etc... are... too much to handle. It's actually why CSP came to life, because it's more logical and controllable than CORS


Yet, CORS exists, and it's an accepted standard, so you'll have to work with it.


Is there a way to have 2 separate middleware setups for a GraphQL API? A webapp needs to use the API and use JWT with CSRF middleware disabled, while another webapp simply needs to use the CSRF token to use the API (no login)