-
-
Save cuppster/2344435 to your computer and use it in GitHub Desktop.
app.use(express.methodOverride()); | |
// ## CORS middleware | |
// | |
// see: http://stackoverflow.com/questions/7067966/how-to-allow-cors-in-express-nodejs | |
var allowCrossDomain = function(req, res, next) { | |
res.header('Access-Control-Allow-Origin', '*'); | |
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE'); | |
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization'); | |
// intercept OPTIONS method | |
if ('OPTIONS' == req.method) { | |
res.send(200); | |
} | |
else { | |
next(); | |
} | |
}; | |
app.use(allowCrossDomain); |
I would like to re-iterate what @mwawrusch says: please look at a module like corser
and do not use this; this does not fully comply with the CORS specification, where-as a module like corser
does (and less LoC for you to maintain in your app, at that).
Don't forget about Access-Control-Allow-Credentials
Thank you !
FYI for newer versions of Express, you will get a warning saying res.send
is deprecated. Use res.sendStatus
instead
Thanks again ))
WARNING: be aware that for authenticated cors requests, Access-Control-Allow-Origin can't be a wildcard '*'
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Credentialed_requests_and_wildcards
Works!
@Lonniebiz please share a snippet of how you solved it.
Thank you so much!!!
Thank you!!
Great, it is helpful.
Very good!
This is Great stuff. it worked for me
Great, it works! Thank you.
You should probably be using
res.send(204)
. The 204 HTTP status indicates "No Content".