CDN assets support access-control-allow-origin: *

I am trying to use Apollo Sandbox with CDN assets.
With Subresource Integrity, fetching embeddable-sandbox.umd.production.min.js return CORS error. It’s like this.

<script rel="preload" as="script" type="text/javascript" crossorigin="anonymous" integrity="sha256-zBwhGqKkP2HAC/cgcvud4YMRGFeYz/S9vjOBL3e9qII=" src=""></script>

I think it should return with the access-control-allow-origin: * header.

Hey @ergofriend, thanks for reporting! It looks like @cheapsteak is already working on a fix for this. We’ll follow up when it’s deployed!

1 Like

Hi there, the update is released and the CORS error should go away now!

A heads up though that the _latest/ bundle would change with each deploy, and thus the integrity hash would become outdated when new bundles are released

If you do need the integrity hash, Instead of _latest, you could put in the full commit hash of the commit corresponding to a deploy, e.g.

You could find the list of commits here: Commits · apollographql/embeddable-explorer · GitHub

1 Like