Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

CORS - Facebook - Passport

I'm trying to implement OAUTH login via Facebook in my Nodejs/Angular/Express/Passport app but i'm struggeling with it.

I still get the CORS error:

XMLHttpRequest has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.xxxxxx.net' is therefore not allowed access.

Although i already added to my EXPRESS ROUTER:

router.all('/*', function(req, res, next) {
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'Content-Type');

    if ('OPTIONS' === req.method) {
      res.send(200);
    }
    else {
      next();
    }
});

In the Developer Console i can see that the Header for the "oauth/facebook" GET call is adding 'Access-Control-Allow-Origin' and so on.

In the Callback there is no 'Access-Control-Allow-Origin' and so on - is this correct?

router.get('/oauth/facebook/',passport.authenticate('facebook',{
      failureRedirect: '/info',
      scope:['email']
  }));

router.get('/oauth/facebook/callback/', passport.authenticate('facebook',{
      failureRedirect: '/info',
      successRedirect: '/',
      scope:['email']
  }),
  function(req,res){
    if(req.user){
      return res.json({token: req.user.generateJWT()});
    } else {
      return res.status(400).json({message:"Not found"});
    }
});
like image 460
fdddk23 Avatar asked Feb 02 '17 12:02

fdddk23


People also ask

How do I fix the CORS error?

Short description. Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.

What is CORS and how do you solve it?

Cross-Origin Resource Sharing (CORS) is a mechanism or a protocol that allows devices on one domain to access resources residing on other domains. Generally, for security reasons, browsers forbid requests that come in from cross-domain sources.

What is node Cors?

CORS stands for Cross-Origin Resource Sharing . It allows us to relax the security applied to an API. This is done by bypassing the Access-Control-Allow-Origin headers, which specify which origins can access the API.


1 Answers

I had multiple failures in this setup which lead to this failure.

First of all you need to call the link "/oauth/facebook/" with href:

<a href="/oauth/facebook/" class="btn btn-primary"><span class="fa fa-facebook"></span> Login with Facebook</a>

This ensures that not angular handles this Request.

It calls this route on the Servers side: router.get('/oauth/facebook/',passport.authenticate('facebook',{ failureRedirect: '/#!/home', scope:['email'] }));

Which callbacks:

router.get('/oauth/facebook/callback/', passport.authenticate('facebook',{
      failureRedirect: '/#!/info',
      scope:['email']
  }),
  function(req,res){
    if(req.user){
      return res.redirect(303, '/#!/fb/' +req.user.generateJWT());
    } else {
      return res.status(400).json({message:"Not found"});
    }
});

In my case I also need to return a Token for login: You need to handle the Response by your own and redirect the call an own 'FB' Route on the angular side, which just basically takes my authentication key to Angular and logins the user.

like image 196
fdddk23 Avatar answered Sep 20 '22 07:09

fdddk23