graphql-server-lambda does not able to config CORS origin

[kkpoon]

While serving GraphQL on AWS Lambda via API Gateway,
the graphql-server-lambda not able to response with access-control-allow-origin in header

This makes the graphql-server-lambda unable to serve CORS.

[soda0289]

The graphql-server does not create CORS requests for any integration you have to handle them yourself.

For API gateway you should be able to enable CORS following the instructions here:
http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html

I have not tested this myself so I'm not 100% sure if it will append the correct header on output. I think it will create the OPTIONS method endpoint.

If you want to change the headers that are sent from graphql-server-lambda you can do so like this:

exports.graphqlHandler = function(event, context, callback)  {
    const callbackFilter = function(error, output) {
        output.headers['Access-Control-Allow-Origin'] = '*';
        callback(error, output);
    };
    server.graphqlLambda({ schema: myGraphQLSchema })(event, context, callbackFilter);
};

Let me know if you have any problems.

[kkpoon]

@soda0289
In API Gateway, when I enable the CORS to the endpoint, it helps me to create an OPTION method which mock to response http 200 with CORS header.

However, for the actual request to lambda, the corresponding CORS header should be set by the lambda function.

the code block provided by you works for me. And I think this solution is good to be documented in packages/graphql-server-lambda/README.md

I could help on this in the coming weekend.

[soda0289]

I will look into updating the documentation. There have been a couple questions on how to read and modify headers from the handler. We might want to add CORS as a feature of server itself but that could be out of the scope of this project.

[jangerhofer]

@soda0289 Thanks for linking me over -- I missed this issue in my initial search for information. I think your sample above is a good solution as it keeps the signature as simple as possible for those not worried about custom headers.

Before I posted in the other issue, I read through most of the developer documentation and saw only a few indirect references to CORS support in the current versions of graphql-server and apollo-client. I remember there being a better run-down in a past version of the documentation (probably eight or nine months ago) and I think it would be a good idea to restore a good guide to setting up GraphQL across origins.

Particularly with Lambda, with which setting up a Gateway on the same domain as the web server is a practical nightmare, I think there is room for improvement in the docs. Can I be of assistance in updating the documentation with your above code and a brief explanation of CORS setup?

[soda0289]

@jangerhofer Sure if you have some free time I'd be happy to review an update to the documentation. Are you thinking to update the graphql-sever-lambda README or the https://github.com/apollographql/tools-docs ?

[soda0289]

@kkpoon @jangerhofer

I finally got around to updating the AWS Lambda README.
#330

Let me know if you think we need more details. We still might need some more documentation on the tools website but I don't have time this week to do an update.

[cesargdm]

Since in Node 8.X runtime the callback parameter is removed; how the output headers can be modified?

[Marabyte]

@cesargdm

graphql-server-lambda uses the expressjs CORS options

ie:

export const graphQl = server.createHandler({
  cors: {
    origin: '*',
    methods: 'POST',
    allowedHeaders: [
      'Content-Type',
      'Origin',
      'Accept'
    ]
  }
});

Hope this helps!