CDN assets support access-control-allow-origin: *

ergofriend · March 7, 2023, 3:53pm

I am trying to use Apollo Sandbox with CDN assets.
With Subresource Integrity, fetching embeddable-sandbox.umd.production.min.js return CORS error. It’s like this.

<script rel="preload" as="script" type="text/javascript" crossorigin="anonymous" integrity="sha256-zBwhGqKkP2HAC/cgcvud4YMRGFeYz/S9vjOBL3e9qII=" src="https://embeddable-sandbox.cdn.apollographql.com/2c39bc65f284867ec89935781959282e5605f3f6/embeddable-sandbox.umd.production.min.js"></script>

I think it should return with the access-control-allow-origin: * header.

trevor.scheer · March 8, 2023, 5:48pm

Hey @ergofriend, thanks for reporting! It looks like @cheapsteak is already working on a fix for this. We’ll follow up when it’s deployed!

Chang · March 9, 2023, 4:41pm

Hi there, the update is released and the CORS error should go away now!

A heads up though that the _latest/ bundle would change with each deploy, and thus the integrity hash would become outdated when new bundles are released

If you do need the integrity hash, Instead of _latest, you could put in the full commit hash of the commit corresponding to a deploy, e.g. https://embeddable-sandbox.cdn.apollographql.com/a7a3315471b58b65cdd4e82dec7f85006d3baf1c/embeddable-sandbox.umd.production.min.js

You could find the list of commits here: Commits · apollographql/embeddable-explorer · GitHub

Topic		Replies	Views
Can't get the Apollo Sandbox working in my env (with COEP) GraphOS	2	435	January 31, 2024
Apollo 4 GET Sandbox causing CSRF on server Server server	14	7509	February 6, 2025
Embedding Sandbox with ACAO Client SDKs web	0	206	February 2, 2024
Apollo Client is not accepting CORS from SpringBoot graphQL server in TEST environment Client SDKs client	3	1339	February 6, 2025
Facing CORS error when I am trying to call QA graphql api's from the localhost nextjs application Server server	1	1092	February 6, 2025

CDN assets support access-control-allow-origin: *

Related topics