To restrict origins of HTTP requests :
- Add lines starting with
# Dgraph.Allow-Originat the end of your GraphQL schema specifying the orgins allowed.
- Deploy the GraphQL schema either with a schema update or via the Cloud console’s Schema page.
For example, the following will restrict all origins except the ones specified.
# Dgraph.Allow-Origin "https://example.com" # Dgraph.Allow-Origin "https://www.example.com"
https://cloud.dgraph.io is always allowed so that
API explorer, in Dgraph Cloud console, continues to work.
- CORS restrictions only apply to browsers.
- By default,
/graphqlendpoint does not limit the request origin (