0

I have been getting below errors while trying to access graphql url from https://subdomain-b.abc.com/ service. 

POST https://subdomain-a.abc.com/graphql 504

Access to fetch at 'https://subdomain-a.abc.com/graphql' from origin 'https://subdomain-b.abc.com/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Both services are running on same aws account on Fargate with ELB sitting in front of them. Route 53 is redirecting requests to ELB.

Most of the answers I googled are related to S3 bucket which is not the case with my setup. Let me know if I can provide some more details.

Dev3100
  • 83
  • 1
  • 9

1 Answers1

1

Your GraphQL server need to add the Access-Control-Allow-Origin HTTP header to its responses.

Here is a good and comprehensive article about what CORS does and why you need it https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

morras
  • 1,102
  • 9
  • 24
  • Ah makes sense. I guess `POST https://subdomain-a.abc.com/graphql 504` error is because response header missing from graphql response? – Dev3100 Apr 10 '19 at 16:44
  • 1
    Yes most likely. You will find that you can access the API using a command line tool like CURL because it does not perform the preflight check that browsers are required to do, and as such it ignores the CORS requirements. More on that in the documentation. -- Remember that the service must also return the correct CORS headers in the http OPTIONs response as that is what the browser uses for the preflight. – morras Apr 10 '19 at 16:52
  • I get it now. Thanks for clarifying. – Dev3100 Apr 10 '19 at 17:41
  • Great! Once you have validated that this works, would you then please either accept the answer or ask more clarifying questions if it does not work – morras Apr 11 '19 at 07:34