Comments (8)
@troygoode Oh and I'm using the latest version of node.js and express.
from cors.
Looks like the issue is that express requires us to manually enable OPTIONS requests (I incorrectly assumed app.GET would also receive requests with an OPTIONS method). Fix incoming.
The one part I'm still a bit confused about is that the spec says simple methods, including POST, don't require a preflight OPTIONS request - so it isn't clear to me why an OPTIONS request is even being made against your route.
from cors.
I did wonder if it was just that in express, app.get
only gets called with a GET, not OPTIONS as well.
I think OPTIONS is being called due to the fact that the calling domain is http://... and the request is to https://...
from cors.
That could be. After further testing it looks like the library works fine, you just have to manually apply it to both OPTIONS and POST in your case. The fix is simply to specify cors for the OPTIONS request as well, so your code would look like this:
/* snip */
app.options('/api/login', cors(corsOptions), login.login); //add this line
app.post('/api/login', cors(corsOptions), login.login);
/* snip */
I'm working on updated docs that point this out as well as a Heroku-hosted client/server example that will illustrate (and let me more easily verify) that everything is hunky-dory.
from cors.
Interactive example that verifies everything is working using your example code:
http://node-cors-client.herokuapp.com/issue-2.html
Server code:
https://github.com/TroyGoode/node-cors-server/blob/master/app.js#L45
from cors.
Fantastic, thanks for the help! 👍
from cors.
As you said:
The one part I'm still a bit confused about is that the spec says simple methods, including POST, don't require a preflight OPTIONS request - so it isn't clear to me why an OPTIONS request is even being made against your route.
Well, the MDN states that a preflight is only not required for a POST when the data is one of the following:
application/x-www-form-urlencoded, multipart/form-data,
ortext/plain
(https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS)
from cors.
Ahah, interesting. Thanks!
from cors.
Related Issues (20)
- Access-Control-Allow-Origin issue HOT 2
- [Feature request] A more powerful custom origin calculation method depending on other headers HOT 6
- No Configuration Options for Access-Control-Allow-Private-Network HOT 1
- CORS Error only on Mac HOT 2
- Cors origin RegExp issues HOT 10
- Option preflightContinue not working with origin function
- Array - set origin -Not working HOT 3
- Incorrect response when option origin is true and requestOrigin is undefined HOT 2
- "origin" is undefined when requests are received from the same server AND when malicious requests are sent from a program HOT 1
- Undefined origin should be treated as not allowed - discusson HOT 4
- Configure Allowed Headers as Array of RegExp
- DEMO is broken HOT 1
- Invalid Vary header in Access-Control-Allow-Headers HOT 2
- `OPTIONS` request handler missing `Allow` header HOT 13
- cors is hanging HOT 2
- CORS error when fonts
- Add support for having specified domain instead of wildcard HOT 3
- Request: callback for failed CORS HOT 5
- Cors error when connecting through ssh tunnel HOT 1
- I have random 'Access-Control-Allow-Origin' errors, even if i set origin: '*', is my usage correct ? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cors.