Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Node.js Express CORS settings / cross origin resource sharing / XMLHttpRequest Origin is not allowed by Access-Control-Allow-Origin
// Express CORS middleware.. so much easier than trying to get Restify to work
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, Accept, Origin, Referer, User-Agent, Content-Type, Authorization');
// intercept OPTIONS method
if (req.method === 'OPTIONS') {
else {
// you might have "app" instead of "server"
server.configure(function() {
server.use(allowCrossDomain); // make sure this is is called before the router
server.use(server.router); // not entirely necessary--will be automatically called with the first .get()
// hat tip:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.