CORS "It does not have HTTP ok status."

Question

NodeJS Express platform. Using Zeit Now 2. Cannot use server.js as proxy to send from backend to prevent CORS. So, nor wrestling with CORS problems. Tested desktop: chrome, safari, firefox. Mobile: chrome, firefox. Have tested to host on Now with HTTPS, same error as I get locally on both localhost:3000 and 127.0.0.1:3000, same using port 80.

Access to fetch at 'https://**MY_URL**/user/login' from origin 'http://127.0.0.1:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

I use https://www.npmjs.com/package/cors to set my CORS configs:

app.use(cors({
  'allowedHeaders': ['Content-Type', 'API-Key', 'API-Secret', 'Access-Control-Allow-Headers'', 'accept', 'client-security-token'],
  'exposedHeaders': ['sessionId'],
  'origin': '*',
  'methods': 'GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS',
  'preflightContinue': false,
  'credentials': true
}));

The CORS settings doesn't seem to work for my, so I tried with the now.json file, like this (trimmed veersion):

{
  "name": "my-test-api",
  "version": 2,
  "routes": [
    {
     "src": "/.*",
     "methods": ["GET", "POST", "OPTIONS"],
     "headers": { "Access-Control-Max-Age": "1000", "Access-Control-Allow-Methods": "GET, HEAD, PUT, PATCH, POST, DELETE, OPTIONS", "Access-Control-Allow-Origin": "*", "Accept": "text/plain", "Content-Type": "text/plain", "Access-Control-Allow-Headers": "sessionId, Content-Type, API-Key, API-Secret, Access-Control-Allow-Headers", "Access-Control-Expose-Headers": "sessionId", "Access-Control-Allow-Credentials": "true" },
     "continue": true
    },
    { "src": "/user/login", "methods": ["POST"], "dest": "index.js" }
  ]
}

Even added statusCode 200 to all my responses, but without any success. Removing the Npm-cors-package won't change anything, but removing the Now.json totally destroys stuff, and I get this error, from MDN even though I have it specified in my app.use(cors()).

Not really sure what to do, have been struggeling with this forever. No problem with cURL or other hosts where I can use backend proxy.

Answer 1

You can set the HTTP status of the pre-flight response.

app.options('*', function (req,res) { res.sendStatus(200); });

Answer 2

You may need to enable pre-flight requests for your route

app.use(cors())

app.options('/post/login', cors()) // enable pre-flight requests
app.post('/post/login', (req, res, next) => {
    // your code here
});

or for all routes

app.options('*', cors())