CORS issue with client-side graphql



I’m currently implementing a Vuejs front-end and using apollo-graphql to try and access the information from our Realm. I’m able to authenticate because when the browser does an OPTIONS request on /auth it returns back the necessary headers to allow CORS and my POST request for authentication and authorization come back just fine. However, when I do a request for a query I’m getting the following from Chrome:

Failed to load https://my cloud instance/graphql/userInfo: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:8080’ is therefore not allowed access. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.

The interesting thing here is that on the OPTIONS request that Chrome does ahead of time there’s no CORS headers being returned back that it typically looks for.
Here’s the OPTIONS request for /auth

Connection: keep-alive
Content-Encoding: gzip
Content-Type: application/json; charset=utf-8
Date: Wed, 13 Jun 2018 23:29:26 GMT
ETag: W/"327-om+nA0vSuQiURcLpm4xCgPgl/z0"
Server: nginx/1.13.5
Transfer-Encoding: chunked

Here is the OPTIONS request for /graphql/userInfo

Connection: keep-alive
Content-Length: 13
Content-Type: text/html; charset=utf-8
Date: Wed, 13 Jun 2018 23:29:28 GMT
ETag: W/"d-bMedpZYGrVt1nR4x+qdNZ2GqyRo"
Server: nginx/1.13.5

Would you happen to have any insight into this?


This is an oversight that we’ll correct shortly. If you PM me the name of your instance, I can deploy a new version with proper CORS configuration.


Unfortunately the forum will not allow me to PM you…

Sorry, you cannot send a personal message to that user.

One of my colleagues has posted the instance below



I’ve upgraded you to the latest version of the GraphQL service - let me know if that fixes your issue.


Just tested it out and it appears to be working now!

Preflight response:
Access-Control-Allow-Headers: authorization,content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: *
Connection: keep-alive
Content-Length: 0
Date: Thu, 14 Jun 2018 13:02:27 GMT
Server: nginx/1.13.5
Vary: Access-Control-Request-Headers


@nirinchev Our instance is now stuck at “Your instance is getting ready”.

What happened to it?


Sorry about that - we identified an issue with the GraphQL explorer (the one you have on /graphql/explore/%realm-path%) and I wanted to deploy a new version that fixes it. It should be all good now.


Thanks for resolving that @nirinchev.