CDN assets support access-control-allow-origin: *

I am trying to use Apollo Sandbox with CDN assets.
With Subresource Integrity, fetching embeddable-sandbox.umd.production.min.js returns a CORS error. It’s like this.

<script rel="preload" as="script" type="text/javascript" crossorigin="anonymous" integrity="sha256-zBwhGqKkP2HAC/cgcvud4YMRGFeYz/S9vjOBL3e9qII=" src="https://embeddable-sandbox.cdn.apollographql.com/2c39bc65f284867ec89935781959282e5605f3f6/embeddable-sandbox.umd.production.min.js"></script>

I think it should return with the access-control-allow-origin: * header.

Hey @ergofriend, thanks for reporting! It looks like @cheapsteak is already working on a fix for this. We’ll follow up when it’s deployed!


Hi there, the update is released and the CORS error should go away now!

A heads up though that the _latest/ bundle would change with each deploy, and thus the integrity hash would become outdated when new bundles are released.

If you do need the integrity hash, instead of _latest, you could put in the full commit hash of the commit corresponding to a deploy, e.g. https://embeddable-sandbox.cdn.apollographql.com/a7a3315471b58b65cdd4e82dec7f85006d3baf1c/embeddable-sandbox.umd.production.min.js

You could find the list of commits here: Commits · apollographql/embeddable-explorer · GitHub

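The behaviour discussed in this thread, as an added example that is not part of the original posts and is not Apollo's code: a simplified model of how a browser handles a cross-origin script tag with `integrity` and `crossorigin="anonymous"`, showing the missing-header failure, the fixed case, and the stale hash on `_latest`. The hosts `app.example` and `cdn.example`, the `COMMIT_SHA` path segment, and the bundle bodies are constructed placeholders.

```javascript
const crypto = require("node:crypto");

// SRI value for the exact bytes served: "<algo>-<base64 digest>".
function sriHash(bytes, algo = "sha256") {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest("base64")}`;
}

// Simplified model (assumption): a single hash in `integrity`, only the
// "anonymous" CORS mode, and lower-case header names in `response.headers`.
function checkScript(tag, response) {
  const crossOrigin = new URL(tag.src).origin !== tag.pageOrigin;
  if (crossOrigin) {
    if (tag.crossorigin === "anonymous") {
      // CORS-mode fetch: the server must allow the embedding origin.
      const acao = response.headers["access-control-allow-origin"];
      if (acao !== "*" && acao !== tag.pageOrigin) return "cors-blocked";
    } else if (tag.integrity) {
      // no-cors fetch: the response is opaque, so its bytes cannot be
      // integrity-checked and the script is refused.
      return "opaque-response";
    }
  }
  if (!tag.integrity) return "ok";
  const algo = tag.integrity.split("-")[0];
  return sriHash(response.body, algo) === tag.integrity
    ? "ok"
    : "integrity-mismatch";
}

function demo() {
  const build1 = Buffer.from("console.log('sandbox build 1');"); // constructed
  const build2 = Buffer.from("console.log('sandbox build 2');"); // constructed
  const base = {
    pageOrigin: "https://app.example",
    crossorigin: "anonymous",
    integrity: sriHash(build1), // hash taken when build 1 was current
  };
  const pinned = { ...base, src: "https://cdn.example/COMMIT_SHA/bundle.min.js" };
  const latest = { ...base, src: "https://cdn.example/_latest/bundle.min.js" };
  const cors = { "access-control-allow-origin": "*" };
  return {
    pinnedNoCorsHeader: checkScript(pinned, { headers: {}, body: build1 }),
    pinnedWithCorsHeader: checkScript(pinned, { headers: cors, body: build1 }),
    latestAfterRedeploy: checkScript(latest, { headers: cors, body: build2 }),
  };
}

console.log(demo());
```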