GraphQL CORs preflight endpoint configuration

November 29, 2021 George (@gwdt)1 Comment

During testing for an upgrade to 10.2 of a JSS implementation recently we identified that some of our connected GQL calls were failing when running locally in the client due to CORs issues.

Access to fetch at 'https://mysitecoreinstance.com/api/my-web-gql-endpoint' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

Headless (r)evolution in Sitecore – Slides

January 9, 2021October 20, 2021 George (@gwdt)Leave a comment

Just before the Turkey and Christmas induced coma at the end of last year, I presented to the Perth Sitecore User Group on the evolution and future of Headless architectures in the Sitecore ecosystem. We explored some of the history, a glance at current offerings in Sitecore 10 and a glimpse into what the future might look like with Static Site Generation (SSG) and Experience Edge.

JSS v15 – What’s new in SSR?

November 14, 2020November 15, 2020 George (@gwdt)Leave a comment

ICYMI Sitecore JSS v15 dropped recently, the second release to support Sitecore 10. Reading the release notes there is a clear focus on performance and a whole bunch of improvements to the SDK and sample apps. Given I’ve been playing a lot lately with the Node SSR proxy, there were a few changes that piqued my interest.

JSS Node Proxy and CSPs

October 28, 2020November 15, 2020 George (@gwdt)Leave a comment

Lately I’ve been digging into JSS delivery topologies and in particular SSR proxy options. As a starting point, I’ve been using the sample node headless proxy from the Sitecore JSS Github repo. In my dev scenario I was hitting a local Standalone Sitecore instance in Docker, and immediately noticed the images being referenced from Sitecore were getting blocked by the Content Security Policy (CSP). This is due to the CSP being set on all requests to the CM via a web.config setting, and then it being repeated back to the browser via the node proxy.

JSS headless SSR proxy “unable to verify the first certificate”

October 18, 2020October 19, 2020 George (@gwdt)Leave a comment

When developing a new JSS solution I was looking to have a play locally in headless mode. Unfortunately I hit an issue after standing up a newly minted Sitecore 10 SXA/JSS instance in docker and using it as the apiHost running the node-headless-ssr-proxy sample app locally. After setting up the appropriate values for the proxy and ensuring the react app was in place, I was getting the following error for all SSR layout service requests.

[HPM] Proxy created: /  -> https://xp0cm.localhost
server listening on port 3001!
FetchError: request to https://xp0cm.localhost/sitecore/api/jss/dictionary/jss-sandbox/en?sc_apikey=%7BXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX%7D failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (C:\repos\sandbox\node-proxy\node_modules\node-fetch\lib\index.js:1444:11)
    at ClientRequest.emit (events.js:315:20)
    at TLSSocket.socketErrorListener (_http_client.js:426:9)
    at TLSSocket.emit (events.js:315:20)
    at emitErrorNT (internal/streams/destroy.js:92:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
    at processTicksAndRejections (internal/process/task_queues.js:84:21) {
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}