Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Node.js cross-origin POST. You should response for OPTIONS request first. Something like this.
if (req.method === 'OPTIONS') {
console.log('!OPTIONS');
var headers = {};
// IE8 does not allow domains to be specified, just the *
// headers["Access-Control-Allow-Origin"] = req.headers.origin;
headers["Access-Control-Allow-Origin"] = "*";
headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, OPTIONS";
headers["Access-Control-Allow-Credentials"] = false;
headers["Access-Control-Max-Age"] = '86400'; // 24 hours
headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept";
res.writeHead(200, headers);
res.end();
} else {
//...other requests
}
@kentcdodds

This comment has been minimized.

Copy link

kentcdodds commented Jul 16, 2013

Thanks! Pulled me out of a bind :)

@ghost

This comment has been minimized.

Copy link

ghost commented Aug 22, 2013

Thanks a bunch for this!

@kennardconsulting

This comment has been minimized.

Copy link

kennardconsulting commented Oct 10, 2013

+1

@moussahoumani

This comment has been minimized.

Copy link

moussahoumani commented Nov 3, 2013

Wow I like this code very much but was the else statement really necessary if you weren't going to put any code inside, just saying you could of saved a couple lines of code and made the program a bit shorter, Besides that I liked it good job.

@ChristianRich

This comment has been minimized.

Copy link

ChristianRich commented Mar 20, 2014

Totally works. Thanks!

@mrmurphy

This comment has been minimized.

Copy link

mrmurphy commented May 27, 2014

Super

@micahblu

This comment has been minimized.

Copy link

micahblu commented Jul 16, 2014

it actually works :)

@matsilva

This comment has been minimized.

Copy link

matsilva commented Apr 28, 2015

Wow its moments like these that I remember that i 'know nothing!' Thanks!

@UstymUkhman

This comment has been minimized.

Copy link

UstymUkhman commented Jun 21, 2015

Thank a lot! I've spent hours to make that work without extentions.

@Qblack

This comment has been minimized.

Copy link

Qblack commented Jun 28, 2015

Thank you, this works great but apparently if you trying to pass a token on the GET you may still need to add Authorization to the list of accepted Headers.

@Erichain

This comment has been minimized.

Copy link

Erichain commented Jan 26, 2016

Thank you very much.
But when I use your code to my app, it still says there is a CORS problem.
If I write as this ( put the headers code outside the if condition ):

var app = http.createServer(function ( req, res, next ) {
    var headers = {};

    // set header to handle the CORS
    headers['Access-Control-Allow-Origin'] = '*';
    headers['Access-Control-Allow-Headers'] = 'Content-Type, Content-Length, Authorization, Accept, X-Requested-With';
    headers['Access-Contrl-Allow-Methods'] = 'PUT, POST, GET, DELETE, OPTIONS';
    headers["Access-Control-Max-Age"] = '86400';
    res.writeHead(200, headers);

    if ( req.method === 'OPTIONS' ) {
        console.log('OPTIONS SUCCESS');
        res.end();
    }
    else {
        //other requests
    }
});

The problem disappears.

@forl

This comment has been minimized.

Copy link

forl commented Mar 26, 2016

Great! this helped me a lot .

@cameronroe

This comment has been minimized.

Copy link

cameronroe commented Sep 20, 2016

@daviidesnow

This comment has been minimized.

Copy link

daviidesnow commented Mar 9, 2017

#awesome

@harihasr

This comment has been minimized.

Copy link

harihasr commented Jun 29, 2017

Thanks a ton for this! It saved me some sleepless nights

@victor245

This comment has been minimized.

Copy link

victor245 commented Jul 3, 2017

works fine in Chrome, but not in FF !
To work in FireFox : "Access-Control-Allow-Headers" must also have 'cache-control'.
found it in http://help.octopusdeploy.com/discussions/problems/30952-set-access-control-allow-origin.
I could not find any doc, but it works for me: FF 54.0 Ubuntu - Node.js 6.9.5 Ubuntu.

@lostation

This comment has been minimized.

Copy link

lostation commented Aug 6, 2017

@nilcolor @cameronroe YOU SAVED ME ! THANKS A LOT !!! I spent 2 days on fu** issues of preflight...

@falsy

This comment has been minimized.

Copy link

falsy commented Feb 22, 2018

@nilcolor @cameronroe Thank you! This is the information I really wanted!

@mirzaumersaleem

This comment has been minimized.

Copy link

mirzaumersaleem commented Mar 8, 2018

+1 thanks man save my time and searches

@vaultdev2017

This comment has been minimized.

Copy link

vaultdev2017 commented May 15, 2018

Thanks...
this saves my time.....

@lekhoi

This comment has been minimized.

Copy link

lekhoi commented Jun 2, 2018

Thank you for the code, saved my weekend :-)

@guruprasad211

This comment has been minimized.

Copy link

guruprasad211 commented Jun 25, 2018

i am not able to solve, my frontend is angularjs 5, searching for solution from last 5 days, please help

@rsbrum

This comment has been minimized.

@shivarajnaidu

This comment has been minimized.

Copy link

shivarajnaidu commented Sep 19, 2018

Simply we can use app.use(cors()) for node module

@heyjoy21

This comment has been minimized.

Copy link

heyjoy21 commented Oct 25, 2018

Thanks much !! you saved alot of time..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.