Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Access-Control-Allow-Origin" is not added to headers #103

Closed
nahwinrajan opened this issue Feb 12, 2017 · 5 comments
Closed

"Access-Control-Allow-Origin" is not added to headers #103

nahwinrajan opened this issue Feb 12, 2017 · 5 comments
Assignees
@dougwilson
Labels
docs

Comments

@nahwinrajan
Copy link

nahwinrajan commented Feb 12, 2017
edited by dougwilson

It started with having problem for CORS between my front-end (angular2) and back-end (expressjs). Some StackOverflow recommend to use cors-package (for answers in 2016 against those from 2013-2014).

I've used following configuration and CORS still not adding "Access-Control-Allow-Origin":

cors            = require('cors'),

const originsWhiteList = {
  "http://localhost:3001": true   // front-end development port
};

const corsOptions = {
  origin: function(origin, callback) {
    callback(originsWhiteList[origin] ? null : 'Bad Request', originsWhiteList[origin]);
  },
  credentials: true,
  methods: ['GET', 'POST', 'PUT', 'DELETE']
}
.
.
.
// just right before other routes
app.use(cors(corsOptions));
app.options('/api/v1/*', cors());

this should be classified as bug, right ?

the exact error:

XMLHttpRequest cannot load http://localhost:3000/api/v1/todos. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3001' is therefore not allowed access. The response had HTTP status code 403.
@dougwilson
Copy link
Contributor

This is not a bug, rather you accidentally made a mistake in your origin function. The second argument to callback needs to be the string of the origin to allow, but instead you are passing originsWhiteList[origin], which is actually the value true. Your function should be the following:

  origin: function(origin, callback) {
    callback(originsWhiteList[origin] ? null : 'Bad Request', origin);
  },

@nahwinrajan
Copy link
Author

Function - set origin to a function implementing some custom logic. The function takes the request origin as the first parameter and a callback (which expects the signature err [object], allow [bool]) as the second.

the readme file state the second callback's parameter is a boolean

@dougwilson
Copy link
Contributor

Weird, then not sure. Can you issue a PR that fixes the issue you are having?

@dougwilson dougwilson reopened this Feb 13, 2017
@nahwinrajan
Copy link
Author

I believe that only fault is at ReadMe.md file only,
the function actually expecting string of the allowed url (origin url, as you suggested)

@dougwilson dougwilson self-assigned this Mar 26, 2017
@dougwilson
Copy link
Contributor

So after spending the past week getting to know this module better to help maintain it--it turns out that both are correct. The second argument you give to the callback can actually be any valid value to the origin option (so, an array, a string, a boolean, etc.).

@SkeLLLa SkeLLLa mentioned this issue Oct 16, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dougwilson dougwilson

Labels
docs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dougwilson @nahwinrajan