node.js

  • Origin ‘localhost:8888’ is not allowed access.”
  • Top answer suffers from the fact that OPTIONS request isn’t handled by middleware and you don’t get it automatically.
  • The top answer worked fine for me, except that I needed to whitelist more than one domain.
  • @jvandemo do i have to change the app.get(‘/’, function(req, res) to …
  • var cors = require(‘cors’); // use it before all route definitions app.use(cors({origin: ‘http://localhost:8888’}));

I’ve created a small API using Node/Express and am trying to pull data using AngularJS, but as my HTML page is running under Apache on localhost:8888 and the Node API is listening on port 3000, I am getting the No ‘Access-Control-Allow-Origin’ error. I tried using node-http-proxy and Apache vhosts but am not having much success; please see the full error and code below.

@NodeJsQnA: No ‘Access-Control-Allow-Origin’ – Node / Apache Port Issue #nodejs #api #rest #angularjs #express

I’ve created a small API using Node/Express and am trying to pull data using AngularJS, but as my HTML page is running under Apache on localhost:8888 and the Node API is listening on port 3000, I am getting the No ‘Access-Control-Allow-Origin’ error. I tried using node-http-proxy and Apache vhosts but am not having much success; please see the full error and code below.

“XMLHttpRequest cannot load localhost:3000. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘localhost:8888’ is therefore not allowed access.”

You are my favorite person ever right now. Thank you. Can we add a note that this code has to happen before the routes are defined for noobs like me? – gegillam Feb 4 ’16 at 3:01

How to make this work while using the request module? – Rohit Tigga Nov 26 ’16 at 23:04

It’s simple to use, for this particular case:

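var cors = require('cors');

// Register the CORS middleware before all route definitions; middleware
// added after a route does not run for requests that route already answered.
// Only the listed origin is allowed to read responses. Keep this an explicit
// origin (scheme, host and port) rather than widening it to '*' when the API
// relies on cookies or other credentials.
app.use(cors({ origin: 'http://localhost:8888' }));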

The top answer worked fine for me, except that I needed to whitelist more than one domain.

The Access-Control-Allow-Origin header doesn’t allow specifying more than one domain.

Here’s what I ended up with:

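var _ = require('underscore');

/**
 * CORS middleware that answers with a single allowed origin per request.
 *
 * The request's Origin header is compared against the list stored in the
 * Express setting 'allowed_origins'; it is echoed back in
 * Access-Control-Allow-Origin only on an exact match. Requests from any
 * other origin get no Access-Control-Allow-Origin header, so the browser
 * blocks the page from reading the response.
 *
 * @param {Object} req - Express request.
 * @param {Object} res - Express response.
 * @param {Function} next - Passes control to the next middleware.
 */
function allowCrossDomain(req, res, next) {
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');

  // The response differs by requesting origin, so shared caches must not
  // reuse a response generated for one origin when serving another.
  res.setHeader('Vary', 'Origin');

  // Origin is client-supplied: never copy it into the response without
  // checking it against the allowlist first.
  var origin = req.headers.origin;
  if (_.contains(app.get('allowed_origins'), origin)) {
    res.setHeader('Access-Control-Allow-Origin', origin);
  }

  if (req.method === 'OPTIONS') {
    // Answer the preflight here; it must not reach the route handlers.
    // (res.send(200) is deprecated from Express 4 on, so the status is set
    // through the plain Node response API instead.)
    res.statusCode = 200;
    res.end();
  } else {
    next();
  }
}

app.configure(function () {
  app.use(express.logger());
  app.use(express.bodyParser());
  // Mounted before any route so every response carries the CORS headers.
  app.use(allowCrossDomain);
});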

To allow requests from all origins, use this instead (appropriate only for APIs that serve public data without cookies or other credentials):

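// Add CORS headers that let any website read this API's responses.
// Use this only for endpoints that serve public data and do not rely on
// cookies, HTTP authentication or other ambient credentials.
app.use(function (req, res, next) {
  // Website you wish to allow to connect ('*' = every origin)
  res.setHeader('Access-Control-Allow-Origin', '*');

  // Request methods you wish to allow
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');

  // Request headers you wish to allow
  res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');

  // Access-Control-Allow-Credentials is deliberately not sent. Browsers
  // refuse credentialed responses whose allowed origin is the '*' wildcard,
  // so the header had no effect here. If the API needs cookies or sessions,
  // replace '*' with an explicit allowlist of trusted origins and send
  // 'Access-Control-Allow-Credentials: true' only for those.

  // Pass to next layer of middleware
  next();
});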

Another way is to simply add the headers to your route:

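// Per-route variant: the CORS headers are set only on this GET handler.
// A preflight OPTIONS request for the same path does not pass through this
// handler, so this covers only simple cross-origin GET requests.
router.get('/', function (req, res) {
  // '*' lets every origin read the response; use it only for public data.
  res.setHeader('Access-Control-Allow-Origin', '*');
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE'); // If needed
  // The header name is 'content-type'; the unhyphenated form matches nothing.
  res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type'); // If needed

  // Access-Control-Allow-Credentials is not sent: browsers reject
  // credentialed responses when the allowed origin is the '*' wildcard.
  // For cookie- or session-based routes, allow an explicit trusted origin
  // instead of '*'.

  res.send('cors problem fixed:)');
});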

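-- Start Chrome with the switch that lets pages opened from file:// read
-- other local files.
-- NOTE(review): the switch relaxes a browser isolation boundary for the whole
-- Chrome session, not just for the page under development. Use it only for
-- local testing, and quit that Chrome instance before normal browsing.
-- It changes how file:// pages are treated; a page served over http (such as
-- http://localhost:8888) still needs the API to send CORS headers.
set chromePath to POSIX path of "/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
set switch to " --allow-file-access-from-files"
-- Run detached with output discarded so the script returns immediately.
do shell script (quoted form of chromePath) & switch & " > /dev/null 2>&1 &"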

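/**
 * Origins allowed to make credentialed cross-origin requests.
 * List every trusted front-end origin explicitly (scheme, host and port).
 * @type {Array.<string>}
 */
var allowedOrigins = ['http://localhost:8888'];

/**
 * CORS handler for every path and method.
 *
 * The request's Origin is echoed back, together with
 * Access-Control-Allow-Credentials, only when it is on the allowlist above.
 * Reflecting an arbitrary Origin alongside credentials would let any website
 * the user visits read this API's responses using the user's cookies.
 */
app.all('*', function (req, res, next) {
  var origin = req.headers.origin;
  var requestedHeaders = req.headers['access-control-request-headers'];
  var requestedMethod = req.headers['access-control-request-method'];

  // The response depends on the requesting origin, so caches must key on it.
  res.header('Vary', 'Origin');

  if (allowedOrigins.indexOf(origin) !== -1) {
    res.header('Access-Control-Allow-Credentials', 'true');
    res.header('Access-Control-Allow-Origin', origin);
    // Mirror what the preflight asks for, with fixed defaults otherwise.
    res.header('Access-Control-Allow-Headers', requestedHeaders ? requestedHeaders : 'x-requested-with');
    res.header('Access-Control-Allow-Methods', requestedMethod ? requestedMethod : 'POST, GET, PUT, DELETE, OPTIONS');
  }

  if (req.method === 'OPTIONS') {
    // Answer the preflight here; res.send(200) is deprecated from Express 4
    // on, so the status is set through the plain Node response API.
    res.statusCode = 200;
    res.end();
  } else {
    next();
  }
});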

node.js