Menu
I'm trying to allow CORS in node.js but the problem is that I can't set * to Access-Control-Allow-Origin if Access-Control-Allow-Credentials is set.
Also the specification said I can't do an array or comma separated value for Access-Control-Allow-Origin and the suggested method would be to do something similar to this Access-Control-Allow-Origin Multiple Origin Domains?
But I can't seem to do this way in node.js
["http://example.com:9001", "http://example.com:5001"].map(domain => { res.setHeader("Access-Control-Allow-Origin", domain); }); res.header("Access-Control-Allow-Credentials", true); The problem here is that it's bein override by the last value in the array, so the header will be set to res.setHeader("Access-Control-Allow-Origin", "http://example.com:5001");
Error from the client browser:
XMLHttpRequest cannot load http://example.com:9090/api/sync. The 'Access-Control-Allow-Origin' header has a value 'http://example.com:5001' that is not equal to the supplied origin. Origin 'http://example.com:9001' is therefore not allowed access.
526
Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you would like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.
To solve this error, we need to add the CORS header to the server and give https://www.section.io access to the server response. Include the following in your index. js file. const cors = require('cors'); app.
Here is how you can allow a single domain access using CORS options: var corsOptions = { origin: 'http://localhost:8080', optionsSuccessStatus: 200 // For legacy browser support } app. use(cors(corsOptions)); If you configure the domain name in the origin - the server will allow CORS from the configured domain.
Here is what I use in my express application to allow multiple origins
app.use((req, res, next) => { const allowedOrigins = ['http://127.0.0.1:8020', 'http://localhost:8020', 'http://127.0.0.1:9000', 'http://localhost:9000']; const origin = req.headers.origin; if (allowedOrigins.includes(origin)) { res.setHeader('Access-Control-Allow-Origin', origin); } //res.header('Access-Control-Allow-Origin', 'http://127.0.0.1:8020'); res.header('Access-Control-Allow-Methods', 'GET, OPTIONS'); res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization'); res.header('Access-Control-Allow-Credentials', true); return next(); }); If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
