New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cors #1374

chrisschaub opened this Issue May 7, 2015 · 6 comments


None yet
7 participants

chrisschaub commented May 7, 2015

So, I've read through the cors threads and see it is now baked into Keystone. I'm writing a mobile hybrid app with ionic that talks to keystone for some data. I've tried adding

 app.all('/api/events', keystone.middleware.cors,;


 app.all('/api/*', keystone.middleware.cors,;

Restart and I still get the cors error. Is there anything else I need to do? The routes work fine otherwise.



This comment has been minimized.

mikeblakeney commented Jun 4, 2015

I ran into the same thing. Did some digging and found the middleware file in the source:

Check out lines 21 and 23. Basically if the origin is set to true then allow all ( * ). So in my keystone.js file I added:
keystone.set('cors allow origin', true);

Hope this helps!


This comment has been minimized.

xianlin commented Oct 12, 2015

Basically you need to do the above 2 steps:

  1. In your middleware index.js
app.all('/api*', keystone.middleware.cors);
  1. In your keystone.js
keystone.set('cors allow origin', true);

Then you will be able to see the correct CORS header response

Access-Control-Allow-Headers:Content-Type, Authorization

@alancwoo alancwoo referenced this issue Jan 17, 2016


CORS Support #619


This comment has been minimized.


morenoh149 commented Jan 17, 2016


@morenoh149 morenoh149 closed this Jan 17, 2016


This comment has been minimized.

useralive003 commented Jan 12, 2017

var express = require('express'); 
var app = express(); 
var bodyParser = require('body-parser');
var multer = require('multer');

app.use(function(req, res, next) { //allow cross origin requests
    res.setHeader("Access-Control-Allow-Methods", "POST, PUT, OPTIONS, DELETE, GET");
    res.header("Access-Control-Allow-Origin", "http://localhost");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

/** Serving from the same express Server
No cors required */

var storage = multer.diskStorage({ //multers disk storage settings
    destination: function (req, file, cb) {
        cb(null, './uploads/');
    filename: function (req, file, cb) {
        var datetimestamp =;
        cb(null, file.fieldname + '-' + datetimestamp + '.' + file.originalname.split('.')[file.originalname.split('.').length -1]);

var upload = multer({ //multer settings
                storage: storage

/** API path that will upload the files */'/upload', function(req, res) {

app.listen('3000', function(){
    console.log('running on 3000...');

This comment has been minimized.

tomheathershub commented Sep 23, 2017

I have the following set in keystone.js

keystone.set('cors allow origin', true); keystone.set('cors allow methods', true); keystone.set('cors allow headers', true);

The correct CORS header response is correct on my local environment:
Access-Control-Allow-Headers:true Access-Control-Allow-Methods:true Access-Control-Allow-Origin:*

However once deployed to live, these don't exist... any suggestions?

You can see the ajax request here: - request URL:


This comment has been minimized.

asliwinski commented Sep 23, 2017

@tomheathershub responds with 503: Service Unavailable. Nothing to do with CORS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment