The Access-Control-Allow-Origin header (ACAO) enables a server to dictate which origins can use scripts to access that server's resources. Depending on what you're building, the origins you specify in your CORS configuration might need to change when you're ready to deploy your application.

If your browser is running your API on a private network (i.e., not on the public internet) and it relies on the privacy of that network for security, we strongly recommend specifying which origins can access your server's resources. Specifically, the startStandaloneServer function's CORS behavior is not secure in this context. Instead, we recommend swapping to another Apollo Server integration to customize your server's CORS behavior by specifying origins. If you don't, while your personal computer is on your private network, a script on any website could potentially make your browser talk to your private API. Some browsers, such as Chrome, have features under development to solve this problem.
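What "specifying origins" amounts to on the server side, as an added example that is not Apollo Server's code: a dependency-free origin allowlist that decides which CORS headers a response gets. The origins and the names ALLOWED_ORIGINS, corsHeaders and decide are assumptions made for illustration.

```javascript
// Constructed allowlist: replace with the origins of your own front ends.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "http://localhost:3000", // development only; remove before deploying
]);

// CORS response headers for a request's Origin header. Unknown origins get
// no Access-Control-Allow-Origin, so the browser will not hand the response
// to the calling script.
function corsHeaders(origin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin stops caches serving one origin's answer to another.
  const headers = { Vary: "Origin" };
  if (typeof origin !== "string" || !allowed.has(origin)) return headers;
  headers["Access-Control-Allow-Origin"] = origin; // exact match, never "*"
  return headers;
}

// Decide how to answer a preflight (OPTIONS) or an actual request.
function decide(method, origin, allowed = ALLOWED_ORIGINS) {
  const headers = corsHeaders(origin, allowed);
  const permitted = "Access-Control-Allow-Origin" in headers;
  if (method === "OPTIONS") {
    if (!permitted) return { status: 403, headers, runOperation: false };
    headers["Access-Control-Allow-Methods"] = "POST, OPTIONS";
    headers["Access-Control-Allow-Headers"] = "content-type";
    return { status: 204, headers, runOperation: false };
  }
  // Withholding ACAO only stops the script reading the response. Refusing
  // to run the operation for a disallowed Origin is an extra server-side
  // check added in this example. Requests with no Origin header (curl,
  // server-to-server) are outside CORS and are allowed through.
  const blocked = origin !== undefined && !permitted;
  return { status: blocked ? 403 : 200, headers, runOperation: !blocked };
}

// Constructed sample requests, including a page on an unrelated site.
const samples = [
  ["OPTIONS", "https://app.example.com"],
  ["POST", "https://app.example.com"],
  ["POST", "https://other.example"],
  ["POST", "null"], // sandboxed iframes and file:// pages send "null"
  ["POST", undefined],
];
for (const [method, origin] of samples) {
  const d = decide(method, origin);
  console.log(method, String(origin), d.status, JSON.stringify(d.headers));
}
```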