You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a backend and a frontend in node js and I want to decide which domain can do get requests, post requests, etc, from axios or fetch.
From the backend with the cors module I configure the origin with the domain that will have the permission to send requests.
If from the frontend from an index.html I use axios or fetch if it respects the cors, but if I use axios or fetch from the node js server with express it ignores cors and lets see the request.
Example:
main.js Backend
importexpressfrom"express"importcorsfrom"cors"constapp=express()constallowedOrigins=["http://www.frontend1.com","http://frontend2.com","http://localhost:3500"]constcredentials=(req,res,next)=>{constorigin=req.headers.originif(allowedOrigins.includes(origin)){res.header("Access-Control-Allow-Credentials",true)}next()}constcorsOptions={origin: (origin,callback)=>{if(allowedOrigins.indexOf(origin)!==-1||!origin){callback(null,true)}else{callback(newError("Not allowed by CORS"))}},optionsSuccessStatus: 200}app.use(credentials)app.use(cors(corsOptions))app.get("/",(req,res)=>{res.json({status: "success",message: "Backend"})})app.listen(4000,()=>{console.log(`Backend is running on port 4000 http://127.0.0.1:4000`)})
main.js Frontend
importexpressfrom"express"importaxiosfrom"axios"constapp=express()app.get("/",(req,res)=>{axios.get("http://127.0.0.1:4000").then(response=>{res.json(response.data)}).catch(error=>{res.json(error)})})app.listen(3000,()=>{console.log(`Frontend is running on port 3000 http://127.0.0.1:3000`)})
This should give a cors error, but no, it shows the json at the end and that's what I don't want.
I hope you can help me, thanks in advance :(
The text was updated successfully, but these errors were encountered:
Hi, sorry you are unfamiliar with how CORS functions. All controls are performed on the client side in CORS. You can find the specs and exactly how it works described in many places, including on MDN. The CORS spec is simply a mechanism to set headers on the response to control how the client side adheres same-origin restrictions.
I have a backend and a frontend in node js and I want to decide which domain can do get requests, post requests, etc, from axios or fetch.
From the backend with the cors module I configure the origin with the domain that will have the permission to send requests.
If from the frontend from an index.html I use axios or fetch if it respects the cors, but if I use axios or fetch from the node js server with express it ignores cors and lets see the request.
Example:
main.js Backend
main.js Frontend
This should give a cors error, but no, it shows the json at the end and that's what I don't want.
I hope you can help me, thanks in advance :(
The text was updated successfully, but these errors were encountered: