-
Notifications
You must be signed in to change notification settings - Fork 9
Simple "allowedDomains" CORS setting #262
Comments
Have you tried using your local ip Maybe relevant? http://stackoverflow.com/a/10892392 |
@jedireza Thanks, I'll give that a try and get back to you. |
This works for me just fine. On the relevant connection config, {
routes: {
cors: {
origin: [list, of, valid, domains]
}
}
} Depending on your requirements, you may also have to configure additional allowed headers or whether credentials may be sent. |
OK, you're right, thanks @devinivy! This seems to work (ran into an odd server.connection({
host: '127.0.0.1', // Because sometimes I get a weird Error: listen EADDRINUSE 0.0.0.0:3000
port: process.env.API_PORT,
// See: https://github.com/hapijs/discuss/issues/262#issuecomment-204616831
routes: { cors: { origin: [process.env.FRONTEND_URL] } }
}) And it even works in Chrome even though Thanks for your help all! Seems |
great support from the hapi community, you are awesome :) |
Glad this worked out! |
I spent several hours trying to figure out how to get Hapi to simply respond to AJAX requests from localhost:8080 to localhost:3000, and never did figure it out. I tried following the documentation for the server/route/connections
cors
setting but nothing worked. It was very odd to me that such basic functionality didn't work out-of-the-box.It was only by installing the
hapi-cors-headers
that things started working. However, as noted here, this plugin can lead to security issues and isn't good for production use.Neither myself, nor @gr2m (author of the
hapi-cors-headers
plugin), see why there isn't a simpleallowedDomains: ['domain1.com', 'domain2.com']
to make AJAX calls function properly in Hapi.My searches revealed that this is a huge stumbling block for many people trying to use Hapi, and in many cases lots of questions are just left unanswered on Stackoverflow and in other locations. Could this config setting be added to Hapi?
And also, until such a setting is added, I am still in need of this capability, and it's not clear to me how it would be implemented, so if anyone could give pointers on that here it would be greatly appreciated!
Thank you!
The text was updated successfully, but these errors were encountered: