Modify access-control-allow-origin header on api request(Graphql) #710
Comments
|
Hey @mdivani 👋 thanks for raising this! Unfortunately this is not currently possible today. What, if anything particular, are you wanting to customize with the current CORS behavior? |
|
Hey Team. We are also quite keen on having this feature for AppSync. We can work around it with a Cloudfront Distribution but it would be simplier if we were able to override the '*' access control header by using $util.http.addResponseHeader(), which at the moment appears to be blocked. In our case we just wish to limit who can call the API in the browser to a limited list of domains rather than allowing everyone. |
|
@JonMGC is there any documentation for how you did this with a cloudfront distribution? |
|
@jamesclancy You can set AppSync API as an origin for Cloudfront, then modify the Access-Control-Allow-Origin header: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/modifying-response-headers.html Just to clarify this is for a Cloudfront distribution provisioned through CDK. I am not sure if/how you can do this with Amplify. |
josefaidt
added
feature-request
We need to set cors rules on appsync to pass security checks but I was unable to find option to modify cors headers, is it even possible with amplify and appsync?
The text was updated successfully, but these errors were encountered: