- Hasura Platform
- Getting started
- Installing the Hasura CLI
- The complete tutorial
- GraphQL tutorial
- Hasura project
- Hasura cluster
- Project microservices
- API Console
- Auth
- Data (GraphQL/JSON APIs)
- Filestore
- Notify (Sending emails/SMS)
- Postgres
- API gateway
- Hasura Hub
- Hasura CLI reference
- Hasura API reference
- Guides
- Installing Hasura on a Kubernetes Cluster
- Hasura architecture
- Billing for Hasura
- Moving to v0.16 from v0.15
- Moving to v0.15 from older versions
CORS Settings¶
Browsers enforce the same-origin policy which prevents JavaScript from making requests across domain boundaries. By default, the gateway has CORS policy which is configured to allows requests from *.<cluster-name>.hasura-app.io.
Sometimes during development we may want to let the gateway allow requests from js on some app running locally.
To do this, head to your Hasura project folder. Inside conf/routes.yaml, there is a corsPolicy configuration.
Can take the following 3 values:
- “allow_all”: Cross origin requests from any domain are allowed Eg. corsPolicy: allow_all
- “upstream” : The upstream service should handle CORS requests. Eg. corsPolicy: upstream
- Array of allowed origins: This allows the listed origins along with all the subdomains on the current domain to make CORS requests.
For an app running locally, this is usually something like localhost:3000 (note that the port is necessary, wherever your local app is running) and this would come under array of allowed origins.
Example:
api:
/:
upstreamService:
name: auth
namespace: {{ cluster.metadata.namespaces.hasura }}
upstreamServicePath: /
upstreamServicePort: 80
corsPolicy: allow_all
Was this page helpful?
