Exposing Foxx to the browser

    • Accessing Foxx from an application server that exposes its own API.

    • Using a web server like Apache or nginx as a reverse proxy to exposeonly the Foxx service.

    • Exposing ArangoDB directly by running ArangoDB on a public port.

    Accessing Foxx from an application server is probably the safest approach asthe application server shields the database from the browser entirely. Howeverthis also adds the most development overhead and may result in unnecessaryduplication of access logic.

    This approach works best if you’re using Foxx in an existing application stackor want to use an to access the database API directly alongside your Foxx service.

    As Foxx services provide ordinary HTTP endpoints, you can access them from yourexisting application server using any run-of-the-mill HTTP client with JSONsupport. Some ArangoDB drivers also let you access arbitrary HTTP endpoints.

    Example (Node with arangojs):

    Example (nginx):

    Example (Apache):

    The advantage of this approach is that it allows you to expose just the serviceitself without exposing the entire database API.

    This approach also works well if you’re already using a web server to serveyour web application frontend files and want your frontend to talk directly tothe service.

    Note: when running Foxx behind a reverse proxy some properties of therequest object will reflect the proxy rather than the original request source(i.e. the browser). You can tell Foxx to expect to run behind a trusted proxyby enabling the property of the service context:

    Foxx will then trust the values of the following request headers:

    • x-forwarded-host for req.hostname and
    • x-forwarded-port for req.port
    • x-forwarded-for for req.remoteAddress and

    Note that this property needs to be set in your main entry file. Setting it inthe setup script has no effect.

    Unless your service is explicitly intended to be used by people who alreadyhave access to the ArangoDB web interface, you should go with one of the otherapproaches instead.

    Only use this for internal services intended to helpusers who already have full access to the database.Don’t ever expose your database to the public Internet.

    If you are running ArangoDB on a public port andwant a web app running on a different port or domain to access it,you will need to enable CORS in ArangoDB.

    First you need toconfigure ArangoDB for CORS.As of 3.2 Foxx will then automatically whitelist all response headers as they are used.

    If you want more control over the whitelist or are using an older version ofArangoDB you can set the following response headers in your request handler:

    • access-control-allow-credentials: can be set to "false" to forbidexposing cookies. The default value depends on whether ArangoDBtrusts the origin. See the.