> hypequery

CORS

Configure CORS for serve({ queries }) when browser clients need cross-origin access.

CORS

Use CORS when your frontend or external browser client calls a hypequery runtime from a different origin.

Enable CORS

The simplest option is:

const api = serve({
  queries: { activeUsers },
  cors: true,
});

That enables standard cross-origin handling for the runtime.

Configure CORS explicitly

Use a config object when you need to control origins, headers, or methods:

const api = serve({
  queries: { activeUsers },
  cors: {
    origin: ['https://app.example.com', 'http://localhost:3000'],
    methods: ['GET', 'POST', 'OPTIONS'],
    allowedHeaders: ['content-type', 'authorization', 'x-api-key'],
    exposedHeaders: ['x-request-id'],
    credentials: true,
    maxAge: 86400,
  },
});

When to use it

  • use CORS when your browser app calls a separate hypequery server
  • you usually do not need it when hypequery is mounted inside the same app origin
  • React hooks calling a different origin will typically need it

See Also

Multi-Tenancy

Configure tenant extraction and isolation in the serve({ queries }) runtime.

Rate Limiting

Protect serve({ queries }) runtimes with middleware-based rate limiting.

On this page

CORSEnable CORSConfigure CORS explicitlyWhen to use itSee Also