CORS question How do I setup the `ApolloApi` to allow for CO Serverless Stack #sst

CORS question: How do I setup the `ApolloApi` to a...

colin

07/22/2021, 6:04 PM

CORS question: How do I setup the

ApolloApi

to allow for CORS requests while being authenticated by Cognito Pool? The Apollo API seems to be failing on the preflight

OPTIONS

request. If I add an OPTIONS route manually to the ApiGateway with no authorization, the calls succeed and I can make graphql queries. But I’m not sure how to configure the route from the

ApolloApi

level as the

routes

param is disabled… It seems that when the Apollo API is created with a UserPoolAuthorizer, it authenticates on all routes/http methods including OPTIONS which according to the CORS spec should not have auth headers. Trying to find a way to disable that without manually updating the gateway. Any thoughts here?

Copy code

// current config
const api = new sst.ApolloApi(this, 'apollo-v2', {
      server: 'src/index.handler',
      defaultAuthorizationType: sst.ApiAuthorizationType.JWT,
      defaultAuthorizer: new HttpUserPoolAuthorizer({
        userPool,
        userPoolClient,
      }),
      cors: {
        allowOrigins: ['localhost:3000'],
        allowHeaders: ['*'],
        allowMethods: [CorsHttpMethod.ANY],
        allowCredentials: true,
      },
    })

Frank

07/22/2021, 6:24 PM

Let me take a look.

Frank

07/23/2021, 2:26 AM

Hey @colin I submitted a PR with the fix https://github.com/serverless-stack/serverless-stack/pull/591

Frank

07/23/2021, 2:27 AM

I will cut a release tonight with the fix. Will keep you posted.

Frank

07/23/2021, 10:21 AM

@colin This is fixed in v0.35.1

Frank

07/23/2021, 10:22 AM

You can remove the

OPTIONS

route manually created in the APIG console.

Frank

07/23/2021, 10:22 AM

Give it a try and let me know if this works for you!

colin

07/23/2021, 1:09 PM

oh sweeet!!

colin

07/23/2021, 1:09 PM

let me test this out

Open in Slack

Previous Next