-
-
Save cuppster/2344435 to your computer and use it in GitHub Desktop.
app.use(express.methodOverride()); | |
// ## CORS middleware | |
// | |
// see: http://stackoverflow.com/questions/7067966/how-to-allow-cors-in-express-nodejs | |
var allowCrossDomain = function(req, res, next) { | |
res.header('Access-Control-Allow-Origin', '*'); | |
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE'); | |
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization'); | |
// intercept OPTIONS method | |
if ('OPTIONS' == req.method) { | |
res.send(200); | |
} | |
else { | |
next(); | |
} | |
}; | |
app.use(allowCrossDomain); |
You might want to look at https://github.com/agrueneberg/Corser
A small note here: a select few versions of Android's native browser, including Gingerbread, will prepend the response body of the OPTIONS call to the response body of the actual call. By default, res.send
will include the body 'OK'
, which causes problems when attempting to parse the body as JSON. To mitigate this issue, use res.send(200, '')
, otherwise you'll end up trying to parse 'OK{}'
.
You should probably be using res.send(204)
. The 204 HTTP status indicates "No Content".
I would like to re-iterate what @mwawrusch says: please look at a module like corser
and do not use this; this does not fully comply with the CORS specification, where-as a module like corser
does (and less LoC for you to maintain in your app, at that).
Don't forget about Access-Control-Allow-Credentials
Thank you !
FYI for newer versions of Express, you will get a warning saying res.send
is deprecated. Use res.sendStatus
instead
Thanks again ))
WARNING: be aware that for authenticated cors requests, Access-Control-Allow-Origin can't be a wildcard '*'
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Credentialed_requests_and_wildcards
Works!
@Lonniebiz please share a snippet of how you solved it.
Thank you so much!!!
Thank you!!
Great, it is helpful.
Very good!
This is Great stuff. it worked for me
Great, it works! Thank you.
Cool stuff with the 'OPTIONS' hack