Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to configure CORS? #234

Open
davisuga opened this issue Jul 1, 2022 · 3 comments
Open

How to configure CORS? #234

davisuga opened this issue Jul 1, 2022 · 3 comments
Labels
📚 docs ⭐ good first issue 🎓 study

Comments

@davisuga
Copy link
Contributor

davisuga commented Jul 1, 2022

I'm getting the following error while using Dream.graphql it with a frontend React app (running in a different port):

01.07.22 01:06:18.720       dream.log  INFO REQ 26 OPTIONS /graphql 127.0.0.1:39404 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 6
01.07.22 01:06:18.720   dream.graphql ERROR REQ 26 Method OPTIONS; must be GET or POST
01.07.22 01:06:18.720       dream.log  WARN REQ 26 404 in 184 μs
It's from a different port so it will request OPTIONS to the server, but the endpoint is not configured for it
@davisuga
Copy link
Contributor Author

davisuga commented Jul 1, 2022
edited

Fixed by adding a cors bypass middleware:

let cors_middleware inner_handler req =
  let new_headers =
    [
      ("Allow", "OPTIONS, GET, HEAD, POST");
      ("Access-Control-Allow-Origin", "*");
      ("Access-Control-Allow-Headers", "*");
    ]
  in
  let+ response = inner_handler req in

  new_headers
  |> List.map (fun (key, value) -> Dream.add_header response key value)
  |> ignore;

  response

and an OPTIONS route

Dream.options "/graphql" (fun _req ->
           Dream.respond ~headers:[ ("Allow", "OPTIONS, GET, HEAD, POST") ] "");

Of course, I need to change the allowed origin when changing to production.
I will close this issue if I couldn't find any better solution.

@sangwoo-joh
Copy link

Thank you. I made similar middleware too:

let cors_middleware handler req =
  let handlers =
    [ "Allow", "OPTIONS, GET, HEAD, POST"
    ; "Access-Control-Allow-Origin", "*"
    ; "Access-Control-Allow-Methods", "OPTIONS, GET, HEAD, POST"
    ; "Access-Control-Allow-Headers", "Content-Type"
    ; "Access-Control-Max-Age", "86400"
    ]
  in
  let%lwt res = handler req in
  handlers
  |> List.map (fun (key, value) -> Dream.add_header res key value)
  |> ignore;
  Lwt.return res

@aantron aantron added this to the alpha6 milestone Apr 17, 2023
@aantron
Copy link
Owner

aantron commented Apr 22, 2023

Thank you! CORS is something that is probably best handled by Dream by offering an example. It's actually in the examples roadmap, but I haven't had time to create it yet. If some really common patterns emerge, maybe something is worth merging into Dream code.

@aantron aantron removed this from the alpha6 milestone Apr 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
📚 docs ⭐ good first issue 🎓 study
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aantron @sangwoo-joh @davisuga