Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

req.headers.origin is undefined

Tags:

node.js

express

sails.js

Fairly new to Node and Express. I have a sails.js app that relies on knowing the origin of a request as I need to authenticate the request is coming from a domain that is registered.

I've seen in the logs that the origin is empty occasionally, why would this be happening? Is it not a good idea to rely on the origin property, is there another option?

Thanks

like image 749
Giles Butler Avatar asked Apr 09 '15 06:04

Giles Butler

People also ask

What is req headers origin?

The Origin request header indicates the origin (scheme, hostname, and port) that caused the request. For example, if a user agent needs to request resources included in a page, or fetched by scripts that it executes, then the origin of the page may be included in the request. Header type. Request header.

What is origin and referer in request header?

"The Origin request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST requests. It is similar to the Referer header, but, unlike this header, it doesn't disclose the whole path." source.

How do I change my HTTP request on Origin?

You cannot change the Origin header the browser sends when your JavaScript asks it to make an HTTP request. (Firefox, at least, will ignore attempts to set it). There isn't any point in changing it anyway.

How do I set REQ headers?

In the Name field, enter the name of your header rule (for example, My header ). From the Type menu, select Request, and from the Action menu, select Set. In the Destination field, enter the name of the header affected by the selected action. In the Source field, enter where the content for the header comes from.

2 Answers

The origin may be hidden if the user comes from an ssl encrypted website.

Also: Some browser extensions remove origin and referer from the http-request headers, and therefore the origin property will be empty.

You might want to create some sort of authentication token and pass it as a parameter, instead on relying on request headers. Especially since the headers can be faked/manipulated.

like image 95
Peanut Avatar answered Sep 20 '22 09:09

Peanut

Try with this:

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", req.header('origin'));
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  res.header("Access-Control-Allow-Credentials","true");
  next();
});
like image 27
josebetomex Avatar answered Sep 21 '22 09:09

josebetomex
Sign in to Comment

Related questions

Mailgun webhook POST body seems empty
return value inside promise chain isn't getting called
TypeError: req.checkBody is not a function
Dev dependencies vs dependencies in node.js
Usage of Bearer Tokens in https request
Sequelize update
Chai response.body is always empty {}
How to convert HTML to image in Node.js
query.on is not a function
process.on('SIGINT' multiple termination signals
Getting 404 Not Found on OPTIONS with NestJS
Import statement breaks typeorm enitities when registered through config.json file
require('node-fetch') gives ERR_REQUIRE_ESM
how to recover from duplicate key in mongoose + express
how to render json object in jade and loop through results
Why am I getting weird result using parseInt in node.js? (different result from chrome js console)
POST to PHP from Node.js
iterate over an array of objects in jade/pugjs
Run function/code after certain time with nodejs
What app.set function does (express.js)?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!