Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

AEM as Headless caching strategy

Avatar

Level 6
Level 6
2/20/23 1:57:08 AM

Hi All,

 

We have a requirement to support multiple different domains that will be consuming content from AEM using GraphQL APIs.

 

The problem that we are facing is that the response is caching the "Access-Control-Allow-Origin" headers which is causing the below scenario.

 

Suppose, I hit the AEM GraphQL endpoint from "domainA", AEM sends "Access-Control-Allow-Origin: domainA" as part of the response which is cached.

 

Now, when I hit the AEM GraphQL endpoint from "domainB", the cached response with "Access-Control-Allow-Origin: domainA" gets returned instead of "Access-Control-Allow-Origin: domainB" which causes CORS issue.

 

Is there a way to vary the response based on the origin for the GraphQL endpoint?

 

Thanks,

Ram

Views

383

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
2/20/23 7:30:27 AM

Hi @rampai ,

 

You can allow all origins by replacing the domain with * but generally this is not recommended as it is not too secure. You can try this approach to find the domain from the request and add that domain in the response.

ChitraMadan_0-1676906863562.png

With .htaccess you can do it like this:

# ----------------------------------------------------------------------
# Allow loading of external fonts
# ----------------------------------------------------------------------
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
    <IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www\.)? (google.com|staging.google.com|development.google.com|otherdomain.example|dev02.otherdomain.example)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header merge Vary Origin
    </IfModule>
</FilesMatch>

View solution in original post

Views

360

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Community Advisor
Community Advisor
2/20/23 7:30:27 AM

Hi @rampai ,

 

You can allow all origins by replacing the domain with * but generally this is not recommended as it is not too secure. You can try this approach to find the domain from the request and add that domain in the response.

ChitraMadan_0-1676906863562.png

With .htaccess you can do it like this:

# ----------------------------------------------------------------------
# Allow loading of external fonts
# ----------------------------------------------------------------------
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
    <IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www\.)? (google.com|staging.google.com|development.google.com|otherdomain.example|dev02.otherdomain.example)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header merge Vary Origin
    </IfModule>
</FilesMatch>

Views

361

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Pipeline-free URL Redirects is not working in AEM Cloud Dispatcher Solved

Views

149

Likes

0

Replies

5
Using Environment Variables in OSGi configurations as part of String Solved

Views

192

Likes

0

Replies

8
Reg: Video Smartcrops in AEM 6.5

Views

41

Likes

0

Replies

1
AEM session management and user access

Views

91

Likes

0

Replies

3
AEM Clud migration: Strategy to reduce ACS AEM Commons dependency

Views

61

Likes

0

Replies

1