Skip to content

Instantly share code, notes, and snippets.

Created April 9, 2012 16:02
Show Gist options
  • Save cuppster/2344435 to your computer and use it in GitHub Desktop.
Save cuppster/2344435 to your computer and use it in GitHub Desktop.
express.js middleware to support CORS pre-flight requests
// ## CORS middleware
// see:
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
// intercept OPTIONS method
if ('OPTIONS' == req.method) {
else {
Copy link

skeggse commented Nov 20, 2013

A small note here: a select few versions of Android's native browser, including Gingerbread, will prepend the response body of the OPTIONS call to the response body of the actual call. By default, res.send will include the body 'OK', which causes problems when attempting to parse the body as JSON. To mitigate this issue, use res.send(200, ''), otherwise you'll end up trying to parse 'OK{}'.

Copy link

jcready commented Dec 17, 2013

You should probably be using res.send(204). The 204 HTTP status indicates "No Content".

Copy link

I would like to re-iterate what @mwawrusch says: please look at a module like corser and do not use this; this does not fully comply with the CORS specification, where-as a module like corser does (and less LoC for you to maintain in your app, at that).

Copy link

katrotz commented Dec 11, 2015

Don't forget about Access-Control-Allow-Credentials

Copy link

Thank you !

Copy link

nicotroia commented Sep 21, 2016

FYI for newer versions of Express, you will get a warning saying res.send is deprecated. Use res.sendStatus instead

Copy link

givehug commented Jan 20, 2017

Thanks again ))

Copy link

WARNING: be aware that for authenticated cors requests, Access-Control-Allow-Origin can't be a wildcard '*'

Copy link


Copy link

@Lonniebiz please share a snippet of how you solved it.

Copy link

Thank you so much!!!

Copy link

Thank you!!

Copy link

hygull commented Sep 9, 2018

Great, it is helpful.

Copy link

isaquebc commented Nov 20, 2018

Very good!

Copy link

Aubizzy commented Jun 17, 2020

This is Great stuff. it worked for me

Copy link

Great, it works! Thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment