Application Modules

CORS Configuration

Configure allowed origins so external front-ends can query the rescile-ce API without browser CORS errors.

Edit this page on GitHub

Cross-Origin Resource Sharing (CORS)

When developing custom applications, you might host your front-end externally (such as on a local Vite development server or a separate production domain) rather than serving it directly from a rescile module. By default, browsers enforce Cross-Origin Resource Sharing (CORS), which restricts these external web pages from making HTTP requests to the rescile-ce API (e.g., the /graphql endpoint).

To explicitly permit these external applications to query rescile-ce, the server accepts the ALLOWED_ORIGINS environment variable. You can provide a single origin, a comma-separated list of origins, or * to allow all origins.

For example, to allow requests from a local Vite development server and a production domain, start rescile-ce with the environment variable set:

ALLOWED_ORIGINS="http://localhost:5173,https://my-prod-app.com" rescile-ce serve