Menu
I trying to connect socket.io between Angular and Nodejs Server
In Angular I have declared a new socket and connect it import * as io from 'socket.io-client'; ... @component ... const socket = io.connect('http://localhost:3000');
In back end : server.js
const express = require('express');
const app = express();
var http = require('http').Server(app);
var io = require('socket.io')(http);
io.set('origins', 'http://localhost:4200');
var routes = require('./routes/routes')(io);
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(function (req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Methods", "GET, POST, PUT ,DELETE");
res.header(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept"
);
next();
});
io.on('connection', function (socket) {
socket.emit('news', { hello: 'world' });
console.log("connectd");
});
app.use('/', routes);
var server = app.listen(3000, function (io) {
})
The app is compiling and getting data from server. but only socket.io is not working I get this error:
localhost/:1 Failed to load http://localhost:3000/socket.io/?EIO=3&transport=polling&t=MEpHAtN: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
Why is error persist even after configuring CORS in server side ?
471
For requests without credentials, the literal value " * " can be specified as a wildcard; the value tells browsers to allow requesting code from any origin to access the resource. Attempting to use the wildcard with credentials results in an error. Specifies an origin. Only a single origin can be specified.
The specification of Access-Control-Allow-Origin allows for multiple origins, or the value null , or the wildcard * . However, no browser supports multiple origins and there are restrictions on the use of the wildcard * .
Simply add a header to your HttpServletResponse by calling addHeader : response. addHeader("Access-Control-Allow-Origin", "*");
Access-Control-Allow-Origin specifies either a single origin which tells browsers to allow that origin to access the resource; or else — for requests without credentials — the " * " wildcard tells browsers to allow any origin to access the resource.
The message is clear enough:
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include
This happens because you're setting the property withCredentials on your XMLHttpRequest to true. So you need to drop the wildcard, and add Access-Control-Allow-Credentials header.
res.header("Access-Control-Allow-Origin", "http://localhost:4200");
res.header('Access-Control-Allow-Credentials', true);
You can use cors package, to easily implement a whitelist:
const cors = require('cors');
const whitelist = ['http://localhost:4200', 'http://example2.com'];
const corsOptions = {
credentials: true, // This is important.
origin: (origin, callback) => {
if(whitelist.includes(origin))
return callback(null, true)
callback(new Error('Not allowed by CORS'));
}
}
app.use(cors(corsOptions));
For a simple no-security socket.io (v.4) server configuration try:
const ios = require('socket.io');
const io = new ios.Server({
allowEIO3: true,
cors: {
origin: true,
credentials: true
},
})
io.listen(3000, () => {
console.log('[socket.io] listening on port 3000')
})
(allowEIO3 is only needed if you want compatiblity with older socket.io clients)
30
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
