I have a problem when trying to communicate with my node.js server from ajax requests. Show
I have configured my server like this : var allowCrossDomain = function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); next(); }; app.use(allowCrossDomain);When doing my requests I have this error : XMLHttpRequest cannot load http://10.192.122.180:8181/meters. No 'Access-Control-Allow- Origin' header is present on the requested resource. Origin 'http://localhost:6161' is therefore not allowed access.Could someone help me please ? Thanks! I have an API running on a server and a front-end client connecting to it to retrieve data. I did some research on the cross domain problem and has it working. However I've not sure what has changed. I am now getting this error in the console:
I have the following route file: var express = require('express'); var router = express.Router(); var Assessment = require('../app/models/assessment'); router.all('*', function (req, res, next) { res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Methods', 'PUT, GET, POST, DELETE, OPTIONS'); res.header('Access-Control-Allow-Headers', 'Content-Type'); next(); }); router.post('/api/status', function (req, res, next) { getStatus.getStatus(req, res, Assessment); }); module.exports = router;And the following JavaScript making an Ajax call to that route: var user = { 'uid' : '12345' }; $.ajax({ data: user, method: 'POST', url: 'https://api.mydomain/api/status', crossDomain: true, done: function () { }, success: function (data) { console.log(JSON.stringify(data)); }, error: function (xhr, status) { } });I have tried: The requesting domain is HTTP and the api domain is on HTTPS. However, I have had it working while the HTTP was enabled. Does anyone have any insight into why the 'Access-Control-Allow-Origin' header is not being send? Thank you I have an API running on a server and a front-end client connecting to it to retrieve data. I did some research on the cross domain problem and has it working. However I've not sure what has changed. I am now getting this error in the console:
I have the following route file: var express = require('express'); var router = express.Router(); var Assessment = require('../app/models/assessment'); router.all('*', function (req, res, next) { res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Methods', 'PUT, GET, POST, DELETE, OPTIONS'); res.header('Access-Control-Allow-Headers', 'Content-Type'); next(); }); router.post('/api/status', function (req, res, next) { getStatus.getStatus(req, res, Assessment); }); module.exports = router; And the following JavaScript making an Ajax call to that route: var user = { 'uid' : '12345' }; $.ajax({ data: user, method: 'POST', url: 'https://api.mydomain/api/status', crossDomain: true, done: function () { }, success: function (data) { console.log(JSON.stringify(data)); }, error: function (xhr, status) { } }); I have tried: The requesting domain is HTTP and the api domain is on HTTPS. However, I have had it working while the HTTP was enabled. Does anyone have any insight into why the 'Access-Control-Allow-Origin' header is not being send? Thank you
CORS is a node.js package for providing a Connect/Express middleware that can be used to enable CORS with various options. Follow me (@troygoode) on Twitter!
InstallationThis is a Node.js module available through the npm registry. Installation is done using the npm install command: $ npm install corsUsageSimple Usage (Enable All CORS Requests)var express = require('express') var cors = require('cors') var app = express() app.use(cors()) app.get('/products/:id', function (req, res, next) { res.json({msg: 'This is CORS-enabled for all origins!'}) }) app.listen(80, function () { console.log('CORS-enabled web server listening on port 80') })Enable CORS for a Single Routevar express = require('express') var cors = require('cors') var app = express() app.get('/products/:id', cors(), function (req, res, next) { res.json({msg: 'This is CORS-enabled for a Single Route'}) }) app.listen(80, function () { console.log('CORS-enabled web server listening on port 80') })Configuring CORSvar express = require('express') var cors = require('cors') var app = express() var corsOptions = { origin: 'http://example.com', optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204 } app.get('/products/:id', cors(corsOptions), function (req, res, next) { res.json({msg: 'This is CORS-enabled for only example.com.'}) }) app.listen(80, function () { console.log('CORS-enabled web server listening on port 80') })Configuring CORS w/ Dynamic OriginThis module supports validating the origin dynamically using a function provided to the origin option. This function will be passed a string that is the origin (or undefined if the request has no origin), and a callback with the signature callback(error, origin). The origin argument to the callback can be any value allowed for the origin option of the middleware, except a function. See the configuration options section for more information on all the possible value types. This function is designed to allow the dynamic loading of allowed origin(s) from a backing datasource, like a database. var express = require('express') var cors = require('cors') var app = express() var corsOptions = { origin: function (origin, callback) { // db.loadOrigins is an example call to load // a list of origins from a backing database db.loadOrigins(function (error, origins) { callback(error, origins) }) } } app.get('/products/:id', cors(corsOptions), function (req, res, next) { res.json({msg: 'This is CORS-enabled for an allowed domain.'}) }) app.listen(80, function () { console.log('CORS-enabled web server listening on port 80') })Enabling CORS Pre-FlightCertain CORS requests are considered ‘complex’ and require an initial OPTIONS request (called the “pre-flight request”). An example of a ‘complex’ CORS request is one that uses an HTTP verb other than GET/HEAD/POST (such as DELETE) or that uses custom headers. To enable pre-flighting, you must add a new OPTIONS handler for the route you want to support: You can also enable pre-flight across-the-board like so: app.options('*', cors()) // include before other routesNOTE: When using this middleware as an application level middleware (for example, app.use(cors())), pre-flight requests are already handled for all routes. Configuring CORS Asynchronouslyvar express = require('express') var cors = require('cors') var app = express() var allowlist = ['http://example1.com', 'http://example2.com'] var corsOptionsDelegate = function (req, callback) { var corsOptions; if (allowlist.indexOf(req.header('Origin')) !== -1) { corsOptions = { origin: true } // reflect (enable) the requested origin in the CORS response } else { corsOptions = { origin: false } // disable CORS for this request } callback(null, corsOptions) // callback expects two parameters: error and options } app.get('/products/:id', cors(corsOptionsDelegate), function (req, res, next) { res.json({msg: 'This is CORS-enabled for an allowed domain.'}) }) app.listen(80, function () { console.log('CORS-enabled web server listening on port 80') })Configuration Options
The default configuration is the equivalent of: { "origin": "*", "methods": "GET,HEAD,PUT,PATCH,POST,DELETE", "preflightContinue": false, "optionsSuccessStatus": 204 }For details on the effect of each CORS header, read this article on web.dev. DemoA demo that illustrates CORS working (and not working) using React is available here: https://node-cors-client.netlify.com Code for that demo can be found here:
LicenseMIT License Troy Goode () How do I enable AccessThis post shows how to enable CORS in Node.. app. use(function(req, res, next) {. res. header("Access-Control-Allow-Origin", "*");. res. header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");. next();. How do I fix a CORS issue in node js?To solve this error, we need to add the CORS header to the server and give https://www.section.io access to the server response. Include the following in your index. js file. const cors = require('cors'); app.
How do I enable AccessEnabling CORS
The easiest way to get CORS working in Express is by using the cors npm module. That's it. CORS is now enabled. The Access-Control-Allow-Origin header determines which origins are allowed to access server resources over CORS (the * wildcard allows access from any origin).
How do I fix CORS header AccessIf the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
|