Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]: Dgraph.Allow-Origin CORS setting does not work as docs claim #9014

Open
ericwhitefield opened this issue Oct 9, 2023 · 0 comments
Open

[BUG]: Dgraph.Allow-Origin CORS setting does not work as docs claim #9014

ericwhitefield opened this issue Oct 9, 2023 · 0 comments
Labels
kind/bug Something is broken.

Comments

@ericwhitefield
Copy link

What version of Dgraph are you using?

Current DGraph Cloud version

Tell us a little more about your go-environment?

DGraph Cloud

Have you tried reproducing the issue with the latest release?

None

What is the hardware spec (RAM, CPU, OS)?

DGraph Cloud

What steps will reproduce the bug?

Try to apply a CORS setting. It won't work.

Expected behavior and actual result.

CORS settings get applied.

Additional information

Documentation here: https://dgraph.io/docs/graphql/security/cors/

Claims that adding config line(s) to the bottom of the Schema file will modify the Response header accordingly.

Perhaps "star" would be a special case. Or perhaps not. The Docs do not specify if a "star" would cause the Response header to contain "star", OR if the header would echo back the Referrer header of the Request. Either way, it's not currently working.

For specifically listed domains one might assume the Response header would echo back the Request's "Referrer" header.

# Dgraph.Allow-Origin "*"

Expected response header:

access-control-allow-origin: *

Actual response header: ❌

access-control-allow-origin: https://cloud.dgraph.io

# Dgraph.Allow-Origin "https://localhost:3000"
# Dgraph.Allow-Origin "https://example.com"

Expected response header from a request from https://localhost:3000

access-control-allow-origin: https://localhost:3000

Actual response header: ❌

access-control-allow-origin: https://cloud.dgraph.io

# Dgraph.Allow-Origin "https://localhost:3000"
# Dgraph.Allow-Origin "https://example.com"

Expected response header from a request from https://example.com

access-control-allow-origin: https://example.com

Actual response header: ❌

access-control-allow-origin: https://cloud.dgraph.io

# Dgraph.Allow-Origin "https://localhost:3000"
# Dgraph.Allow-Origin "https://example.com"

Expected response header from a request from https://cloud.dgraph.io

access-control-allow-origin: https://cloud.dgraph.io

Actual response header: ✅

access-control-allow-origin: https://cloud.dgraph.io
@ericwhitefield ericwhitefield added the kind/bug Something is broken. label Oct 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Something is broken.
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ericwhitefield