Stephen Murray
Sep 2, 2018 · 1 min read

GraphQL does not insulate you from CORS headaches at all. If your remote APIs are hosted on another domain (or subdomain), the browser will prevent the request from hitting the network unless CORS headers are enabled on your backend.

There are plenty of examples of people configuring this on github and elsewhere.

e.g.

https://itnext.io/create-your-first-graphql-app-and-set-an-auth-middleware-2dd841f714c2

https://www.prisma.io/blog/enabling-cors-for-express-graphql-apollo-server-1ef999bfb38d/

    Written by

    Distributed Systems Engineer, Node.js. Currently Director of Engineering & Founding Member @StarryInternet. Formerly @Aereo.

    Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
    Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
    Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade