Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Acheiving CORS via a Node HTTP Server
// Create our server
var server;
server = http.createServer(function(req,res){
// Set CORS headers
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Request-Method', '*');
res.setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
res.setHeader('Access-Control-Allow-Headers', '*');
if ( req.method === 'OPTIONS' ) {
res.writeHead(200);
res.end();
return;
}
// ...
});
@modeswitch

This comment has been minimized.

Copy link

commented Apr 21, 2015

I just tried this and apparently * is not permitted for the Access-Control-Allow-Headers header.

@brunofin

This comment has been minimized.

Copy link

commented Sep 30, 2015

If * is not permitted, what should be used then? Thanks

@afshinm

This comment has been minimized.

Copy link

commented Nov 17, 2015

+1. saved an hour.

@michaellujan

This comment has been minimized.

Copy link

commented Mar 1, 2016

You need to just allow origin:

res.setHeader('Access-Control-Allow-Headers', req.header.origin);

@thadk

This comment has been minimized.

Copy link

commented Mar 19, 2016

Failing that:

If you using Chrome and your not sure what headers are being requested, use the Developer Console, Network select the call being made and you can view what headers are being requested by Access-Control-Request-Headers

(http://stackoverflow.com/questions/32500073/request-header-field-access-control-allow-headers-is-not-allowed-by-itself-in-pr)

e.g.:
res.setHeader('Access-Control-Allow-Headers', 'authorization, content-type');

@Steveb-p

This comment has been minimized.

Copy link

commented Nov 15, 2017

@michaellujan
for reference, req contains headers, not header.

@HarryAmmon

This comment has been minimized.

Copy link

commented Feb 25, 2019

Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.