Giter Site home page Giter Site logo

Response Headers Missing about cors HOT 8 CLOSED

expressjs avatar expressjs commented on March 29, 2024
Response Headers Missing

from cors.

Comments (8)

Siyfion avatar Siyfion commented on March 29, 2024

@troygoode Oh and I'm using the latest version of node.js and express.

from cors.

troygoode avatar troygoode commented on March 29, 2024

Looks like the issue is that express requires us to manually enable OPTIONS requests (I incorrectly assumed app.GET would also receive requests with an OPTIONS method). Fix incoming.

The one part I'm still a bit confused about is that the spec says simple methods, including POST, don't require a preflight OPTIONS request - so it isn't clear to me why an OPTIONS request is even being made against your route.

from cors.

Siyfion avatar Siyfion commented on March 29, 2024

I did wonder if it was just that in express, app.get only gets called with a GET, not OPTIONS as well.

I think OPTIONS is being called due to the fact that the calling domain is http://... and the request is to https://...

from cors.

troygoode avatar troygoode commented on March 29, 2024

That could be. After further testing it looks like the library works fine, you just have to manually apply it to both OPTIONS and POST in your case. The fix is simply to specify cors for the OPTIONS request as well, so your code would look like this:

/* snip */
app.options('/api/login', cors(corsOptions), login.login); //add this line
app.post('/api/login', cors(corsOptions), login.login);
/* snip */

I'm working on updated docs that point this out as well as a Heroku-hosted client/server example that will illustrate (and let me more easily verify) that everything is hunky-dory.

from cors.

troygoode avatar troygoode commented on March 29, 2024

Interactive example that verifies everything is working using your example code:

http://node-cors-client.herokuapp.com/issue-2.html

Server code:

https://github.com/TroyGoode/node-cors-server/blob/master/app.js#L45

from cors.

Siyfion avatar Siyfion commented on March 29, 2024

Fantastic, thanks for the help! 👍

from cors.

Siyfion avatar Siyfion commented on March 29, 2024

As you said:

The one part I'm still a bit confused about is that the spec says simple methods, including POST, don't require a preflight OPTIONS request - so it isn't clear to me why an OPTIONS request is even being made against your route.

Well, the MDN states that a preflight is only not required for a POST when the data is one of the following:
application/x-www-form-urlencoded, multipart/form-data,ortext/plain
(https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS)

from cors.

troygoode avatar troygoode commented on March 29, 2024

Ahah, interesting. Thanks!

from cors.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.