Sep 2, 2018 · 1 min read
GraphQL does not insulate you from CORS headaches at all. If your remote APIs are hosted on another domain (or subdomain), the browser will prevent the request from hitting the network unless CORS headers are enabled on your backend.
There are plenty of examples of people configuring this on github and elsewhere.
e.g.
https://itnext.io/create-your-first-graphql-app-and-set-an-auth-middleware-2dd841f714c2
https://www.prisma.io/blog/enabling-cors-for-express-graphql-apollo-server-1ef999bfb38d/
