Skip to content

Instantly share code, notes, and snippets.

@cmdoptesc
Created August 21, 2013 06:39
Show Gist options
  • Save cmdoptesc/6291011 to your computer and use it in GitHub Desktop.
Save cmdoptesc/6291011 to your computer and use it in GitHub Desktop.
Node.js Express CORS settings / cross origin resource sharing / XMLHttpRequest Origin is not allowed by Access-Control-Allow-Origin
// Express CORS middleware.. so much easier than trying to get Restify to work
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, Accept, Origin, Referer, User-Agent, Content-Type, Authorization');
// intercept OPTIONS method
if (req.method === 'OPTIONS') {
res.send(200);
}
else {
next();
}
};
// you might have "app" instead of "server"
server.configure(function() {
server.use(allowCrossDomain); // make sure this is is called before the router
server.use(server.router); // not entirely necessary--will be automatically called with the first .get()
});
// hat tip:
// http://stackoverflow.com/questions/7067966/how-to-allow-cors-in-express-nodejs
// http://stackoverflow.com/questions/11001817/allow-cors-rest-request-to-a-express-node-js-application-on-heroku
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment