This repository has been archived by the owner on Sep 18, 2019. It is now read-only.

Simple "allowedDomains" CORS setting #262

Closed
taoeffect opened this issue Apr 2, 2016 · 6 comments

@taoeffect

I spent several hours trying to figure out how to get Hapi to simply respond to AJAX requests from localhost:8080 to localhost:3000, and never did figure it out. I tried following the documentation for the server/route/connections cors setting but nothing worked. It was very odd to me that such basic functionality didn't work out-of-the-box.

It was only by installing the hapi-cors-headers that things started working. However, as noted here, this plugin can lead to security issues and isn't good for production use.

Neither myself, nor @gr2m (author of the hapi-cors-headers plugin), see why there isn't a simple allowedDomains: ['domain1.com', 'domain2.com'] to make AJAX calls function properly in Hapi.

My searches revealed that this is a huge stumbling block for many people trying to use Hapi, and in many cases lots of questions are just left unanswered on Stackoverflow and in other locations. Could this config setting be added to Hapi?

And also, until such a setting is added, I am still in need of this capability, and it's not clear to me how it would be implemented, so if anyone could give pointers on that here it would be greatly appreciated!

Thank you!

@jedireza

jedireza commented Apr 2, 2016

Have you tried using your local ip 127.0.0.1 instead of localhost?

Maybe relevant? http://stackoverflow.com/a/10892392

@taoeffect
Author

@jedireza Thanks, I'll give that a try and get back to you.

@devinivy

devinivy commented Apr 2, 2016

This works for me just fine. On the relevant connection config,

```javascript
{
    routes: {
        cors: {
            // List of valid origins (scheme, host and port), for example:
            origin: ['http://localhost:8080']
        }
    }
}
```

Depending on your requirements, you may also have to configure additional allowed headers or whether credentials may be sent.

@taoeffect
Author

OK, you're right, thanks @devinivy! This seems to work (ran into an odd EADDRINUSE bug that required me to add host: to the config):

```javascript
server.connection({
  host: '127.0.0.1', // Because sometimes I get a weird Error: listen EADDRINUSE 0.0.0.0:3000
  port: process.env.API_PORT,
  // See: https://github.com/hapijs/discuss/issues/262#issuecomment-204616831
  routes: { cors: { origin: [process.env.FRONTEND_URL] } }
})
```

And it even works in Chrome even though process.env.FRONT_END is set to 'http://localhost:8000'. I must've been really tired and not thinking straight that night I was trying to get this to work.

Thanks for your help all! Seems hapi-cors-headers isn't necessary after all. 😄
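
The matching rule behind an origin allowlist like the one configured above, as an added example that is not part of the thread and is not hapi's own code: an entry must be a full origin (scheme, host, port), and `localhost` and `127.0.0.1` count as different origins. The names `normaliseOrigin`, `buildAllowlist` and `corsHeaders` are hypothetical, and the sample origins are constructed.

```javascript
'use strict';
// Added example (plain Node.js, no hapi). All function names are hypothetical.

// Reduce a configured value to scheme://host[:port], or null if it is not an
// http(s) origin. 'localhost:8080' fails: without a scheme it is not an origin.
function normaliseOrigin(value) {
  try {
    const url = new URL(value);
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
    return url.origin; // drops path, trailing slash and default ports
  } catch (err) {
    return null;
  }
}

// Build the allowlist once at startup and reject malformed entries early.
function buildAllowlist(origins) {
  const allowed = new Set();
  for (const entry of origins) {
    const origin = normaliseOrigin(entry);
    if (origin === null) throw new Error(`not a valid origin: ${entry}`);
    allowed.add(origin);
  }
  return allowed;
}

// Headers for one request: echo the Origin only on an exact allowlist match.
// Vary: Origin keeps caches from serving one origin's response to another.
function corsHeaders(allowed, requestOrigin) {
  const headers = { Vary: 'Origin' };
  if (typeof requestOrigin === 'string' && allowed.has(requestOrigin)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
  }
  return headers;
}

// Constructed sample input: one allowed frontend, several request origins.
const allowed = buildAllowlist(['http://localhost:8080/']);
for (const origin of ['http://localhost:8080', 'http://127.0.0.1:8080',
  'https://localhost:8080', 'http://localhost.example.net:8080', 'null']) {
  const acao = corsHeaders(allowed, origin)['Access-Control-Allow-Origin'];
  console.log(origin, '->', acao || '(no Access-Control-Allow-Origin)');
}
```

Only the first sample origin receives an `Access-Control-Allow-Origin` header; the different host, the different scheme, the lookalike host and the literal `null` origin are all left without one.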

@gr2m

gr2m commented Apr 3, 2016

great support from the hapi community, you are awesome :)

@devinivy

devinivy commented Apr 3, 2016

Glad this worked out!
