Expand my Community achievements bar.

SOLVED

AEM as Headless caching strategy

Avatar

Level 6
Level 6
2/20/23 1:57:08 AM

Hi All,

 

We have a requirement to support multiple different domains that will be consuming content from AEM using GraphQL APIs.

 

The problem that we are facing is that the response is caching the "Access-Control-Allow-Origin" headers which is causing the below scenario.

 

Suppose, I hit the AEM GraphQL endpoint from "domainA", AEM sends "Access-Control-Allow-Origin: domainA" as part of the response which is cached.

 

Now, when I hit the AEM GraphQL endpoint from "domainB", the cached response with "Access-Control-Allow-Origin: domainA" gets returned instead of "Access-Control-Allow-Origin: domainB" which causes CORS issue.

 

Is there a way to vary the response based on the origin for the GraphQL endpoint?

 

Thanks,

Ram

Views

305

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
2/20/23 7:30:27 AM

Hi @rampai ,

 

You can allow all origins by replacing the domain with * but generally this is not recommended as it is not too secure. You can try this approach to find the domain from the request and add that domain in the response.

ChitraMadan_0-1676906863562.png

With .htaccess you can do it like this:

# ----------------------------------------------------------------------
# Allow loading of external fonts
# ----------------------------------------------------------------------
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
    <IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www\.)? (google.com|staging.google.com|development.google.com|otherdomain.example|dev02.otherdomain.example)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header merge Vary Origin
    </IfModule>
</FilesMatch>

View solution in original post

Views

282

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Community Advisor
Community Advisor
2/20/23 7:30:27 AM

Hi @rampai ,

 

You can allow all origins by replacing the domain with * but generally this is not recommended as it is not too secure. You can try this approach to find the domain from the request and add that domain in the response.

ChitraMadan_0-1676906863562.png

With .htaccess you can do it like this:

# ----------------------------------------------------------------------
# Allow loading of external fonts
# ----------------------------------------------------------------------
<FilesMatch "\.(ttf|otf|eot|woff|woff2)$">
    <IfModule mod_headers.c>
        SetEnvIf Origin "http(s)?://(www\.)? (google.com|staging.google.com|development.google.com|otherdomain.example|dev02.otherdomain.example)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header merge Vary Origin
    </IfModule>
</FilesMatch>

Views

283

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Page Exporter Doesn't work for custom pages AEM

Views

12

Likes

0

Replies

0
How can I adjust AEM Grid System Gutter space and Column Width based on the UX design ?

Views

52

Likes

0

Replies

2
Adding a html page not part of aem domain

Views

46

Likes

0

Replies

2
Error installing itextpdf dependency in a servlet in AEM

Views

67

Likes

0

Replies

1
How to make merge as Package Manager default mode

Views

62

Likes

0

Replies

1