I’m currently implementing a Vuejs front-end and using apollo-graphql to try and access the information from our Realm. I’m able to authenticate because when the browser does an OPTIONS request on /auth it returns back the necessary headers to allow CORS and my POST request for authentication and authorization come back just fine. However, when I do a request for a query I’m getting the following from Chrome:
Failed to load https://my cloud instance/graphql/userInfo: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:8080’ is therefore not allowed access. If an opaque response serves your needs, set the request’s mode to ‘no-cors’ to fetch the resource with CORS disabled.
The interesting thing here is that on the OPTIONS request that Chrome does ahead of time there’s no CORS headers being returned back that it typically looks for.
Here’s the OPTIONS request for /auth
Access-Control-Allow-Origin: * Connection: keep-alive Content-Encoding: gzip Content-Type: application/json; charset=utf-8 Date: Wed, 13 Jun 2018 23:29:26 GMT ETag: W/"327-om+nA0vSuQiURcLpm4xCgPgl/z0" Server: nginx/1.13.5 Transfer-Encoding: chunked
Here is the OPTIONS request for /graphql/userInfo
Allow: GET,HEAD,POST Connection: keep-alive Content-Length: 13 Content-Type: text/html; charset=utf-8 Date: Wed, 13 Jun 2018 23:29:28 GMT ETag: W/"d-bMedpZYGrVt1nR4x+qdNZ2GqyRo" Server: nginx/1.13.5
Would you happen to have any insight into this?