GraphQL CORs preflight endpoint configuration

November 29, 2021 George (@gwdt)1 Comment

During testing for an upgrade to 10.2 of a JSS implementation recently we identified that some of our connected GQL calls were failing when running locally in the client due to CORs issues.

Access to fetch at 'https://mysitecoreinstance.com/api/my-web-gql-endpoint' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

Multiroot treelist serialization in GraphQL

November 22, 2020 George (@gwdt)Leave a comment

In a previous post I wrote about extending the JSS Layout service to support serialization of field types that aren’t serialized OOTB, like the Multiroot treelist added by SXA. Catch up on that post here. That was great, but there is a little more to ensure those field types are also mapped and serialized by GraphQL queries.

JSS v15 – What’s new in SSR?

November 14, 2020November 15, 2020 George (@gwdt)Leave a comment

ICYMI Sitecore JSS v15 dropped recently, the second release to support Sitecore 10. Reading the release notes there is a clear focus on performance and a whole bunch of improvements to the SDK and sample apps. Given I’ve been playing a lot lately with the Node SSR proxy, there were a few changes that piqued my interest.

JSS Node Proxy and CSPs

October 28, 2020November 15, 2020 George (@gwdt)Leave a comment

Lately I’ve been digging into JSS delivery topologies and in particular SSR proxy options. As a starting point, I’ve been using the sample node headless proxy from the Sitecore JSS Github repo. In my dev scenario I was hitting a local Standalone Sitecore instance in Docker, and immediately noticed the images being referenced from Sitecore were getting blocked by the Content Security Policy (CSP). This is due to the CSP being set on all requests to the CM via a web.config setting, and then it being repeated back to the browser via the node proxy.

JSS headless SSR proxy “unable to verify the first certificate”

October 18, 2020October 19, 2020 George (@gwdt)Leave a comment

When developing a new JSS solution I was looking to have a play locally in headless mode. Unfortunately I hit an issue after standing up a newly minted Sitecore 10 SXA/JSS instance in docker and using it as the apiHost running the node-headless-ssr-proxy sample app locally. After setting up the appropriate values for the proxy and ensuring the react app was in place, I was getting the following error for all SSR layout service requests.

[HPM] Proxy created: /  -> https://xp0cm.localhost
server listening on port 3001!
FetchError: request to https://xp0cm.localhost/sitecore/api/jss/dictionary/jss-sandbox/en?sc_apikey=%7BXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX%7D failed, reason: unable to verify the first certificate
    at ClientRequest.<anonymous> (C:\repos\sandbox\node-proxy\node_modules\node-fetch\lib\index.js:1444:11)
    at ClientRequest.emit (events.js:315:20)
    at TLSSocket.socketErrorListener (_http_client.js:426:9)
    at TLSSocket.emit (events.js:315:20)
    at emitErrorNT (internal/streams/destroy.js:92:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:60:3)
    at processTicksAndRejections (internal/process/task_queues.js:84:21) {
  type: 'system',
  errno: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}

Multiroot treelist serialization in JSS and SXA

September 19, 2020October 18, 2020 George (@gwdt)1 Comment

The Multiroot treelist field type has featured in SXA for a while now, but unfortunately doesn’t serialize as expected in the JSS Layout Service. As the name suggests, it presents as a Treelist and allows developers to select multiple root nodes via queries in the source of the field definition.