8

I am currently trying to deploy my NestJS server using Graphql on Google Cloud Run. I also have a React app that I use as a client, that I hosted on Netlify.

I am getting the following CORS (Cross Origin Resource Sharing) error in the console when I try to run this, however:

Access to fetch at 'https://google-cloud.run.app/graphql' from origin 'https://myapp.netlify.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

My NestJS app configuration looks as follows:

  // {cors: true}
  const app = await NestFactory.create(AppModule);
  app.enableCors({
    origin: true,
    credentials: true,
    methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
    allowedHeaders: "Content-Type,Accept,Authorization,Access-Control-Allow-Origin"
  });

In another stackoverflow post, I saw that the GraphQL CORS configuration overrides the NestJS CORS configuration, so I added the CORS logic also into the GraphQL app.module.ts as follows:

@Module({
  controllers: [],
  imports: [
    ...,
    GraphQLModule.forRootAsync({
      useFactory: (configService) => {
        const playground = configService.get("GRAPHQL_PLAYGROUND");
        const introspection = configService.get("GRAPHQL_INTROSPECTION");
        return {
          autoSchemaFile: true,
          playground,
          introspection: playground || introspection,
          cors: {
            credentials: true,
            origin: true,
            methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
            allowedHeaders: "Content-Type,Accept,Authorization,Access-Control-Allow-Origin"
          },
          context: ({req}) => {
            return {req};
          },
          installSubscriptionHandlers: true
        };
      },
      inject: [ConfigService],
      imports: [ConfigModule]
    }),
...

When I run the client from localhost, and when there is a direct connection to the Google Cloud Run Container, everyting works fine at this point, and I don't receive any CORS errors. I am using the Apollo GraphQL client to make the API requests.

When I use the Netlify Client, however, I get the CORS issue above.

Any idea on how to address this? Is this a Netlify issue? Is this a Google Cloud Run Issue? Or am I missing any headers with the CORS?

DaveTheAl
  • 1,995
  • 4
  • 35
  • 65
  • 1
    Have you tried going through Mozilla's CORS page? It might help you know more about the topic. Here is the link https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS. – Desire Kaleba May 28 '21 at 13:22
  • 1
    Does your graphql server have some sort of IP security enabled? Perhaps your local IP is authorized but your application server IP is not – Jonathan Crowe May 28 '21 at 13:28
  • @DesireKaleba yes I checked for many hours now. I am also looking more into the referrer policy right now (there seems to be a `strict-origin-when-cross-origin` header in the referred policy which I guess should not be there? perhaps due to netlify) – DaveTheAl May 28 '21 at 13:41
  • @JonathanCrowe No the cloudrun has no IP authorization enabled unfortunately (unfortunately because then I could dig there..) :/ – DaveTheAl May 28 '21 at 13:41
  • I get an SSL error when I visit that graph app. Perhaps solving that will fix your issue – Jonathan Crowe May 28 '21 at 14:28
  • @JonathanCrowe ah sorry, the website was just an example to make it secure... anything specific I should post from the logs? – DaveTheAl May 28 '21 at 14:37

0 Answers0