Menu
I'm trying to implement OAUTH login via Facebook in my Nodejs/Angular/Express/Passport app but i'm struggeling with it.
I still get the CORS error:
XMLHttpRequest has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.xxxxxx.net' is therefore not allowed access.
Although i already added to my EXPRESS ROUTER:
router.all('/*', function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type');
if ('OPTIONS' === req.method) {
res.send(200);
}
else {
next();
}
});
In the Developer Console i can see that the Header for the "oauth/facebook" GET call is adding 'Access-Control-Allow-Origin' and so on.
In the Callback there is no 'Access-Control-Allow-Origin' and so on - is this correct?
router.get('/oauth/facebook/',passport.authenticate('facebook',{
failureRedirect: '/info',
scope:['email']
}));
router.get('/oauth/facebook/callback/', passport.authenticate('facebook',{
failureRedirect: '/info',
successRedirect: '/',
scope:['email']
}),
function(req,res){
if(req.user){
return res.json({token: req.user.generateJWT()});
} else {
return res.status(400).json({message:"Not found"});
}
});
460
Short description. Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.
Cross-Origin Resource Sharing (CORS) is a mechanism or a protocol that allows devices on one domain to access resources residing on other domains. Generally, for security reasons, browsers forbid requests that come in from cross-domain sources.
CORS stands for Cross-Origin Resource Sharing . It allows us to relax the security applied to an API. This is done by bypassing the Access-Control-Allow-Origin headers, which specify which origins can access the API.
I had multiple failures in this setup which lead to this failure.
First of all you need to call the link "/oauth/facebook/" with href:
<a href="/oauth/facebook/" class="btn btn-primary"><span class="fa fa-facebook"></span> Login with Facebook</a>
This ensures that not angular handles this Request.
It calls this route on the Servers side: router.get('/oauth/facebook/',passport.authenticate('facebook',{ failureRedirect: '/#!/home', scope:['email'] }));
Which callbacks:
router.get('/oauth/facebook/callback/', passport.authenticate('facebook',{
failureRedirect: '/#!/info',
scope:['email']
}),
function(req,res){
if(req.user){
return res.redirect(303, '/#!/fb/' +req.user.generateJWT());
} else {
return res.status(400).json({message:"Not found"});
}
});
In my case I also need to return a Token for login: You need to handle the Response by your own and redirect the call an own 'FB' Route on the angular side, which just basically takes my authentication key to Angular and logins the user.
196
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With