Restrict origins
To restrict origins of HTTP requests :
- Add lines starting with
# Dgraph.Allow-Origin
at the end of your GraphQL schema specifying the orgins allowed. - Deploy the GraphQL schema either with a schema update or via the Cloud console’s Schema page.
For example, the following will restrict all origins except the ones specified.
# Dgraph.Allow-Origin "https://example.com"
# Dgraph.Allow-Origin "https://www.example.com"
https://cloud.dgraph.io
is always allowed so that API explorer
, in Dgraph Cloud console, continues to work.
Note
- CORS restrictions only apply to browsers.
- By default,
/graphql
endpoint does not limit the request origin (Access-Control-Allow-Origin: *
).