Node.js cross-origin POST. You should respond to the OPTIONS request first. Something like this.
if (req.method === 'OPTIONS') {
    console.log('!OPTIONS');
    var headers = {};
    // IE8 does not allow domains to be specified, just the *
    // headers["Access-Control-Allow-Origin"] = req.headers.origin;
    headers["Access-Control-Allow-Origin"] = "*";
    headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, OPTIONS";
    headers["Access-Control-Allow-Credentials"] = false;
    headers["Access-Control-Max-Age"] = '86400'; // 24 hours
    headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept";
    res.writeHead(200, headers);
    res.end();
} else {
    //...other requests
}
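
A stricter variant of the handler above, as an added example (not the gist author's code): it answers the preflight from an origin allowlist instead of `*`, grants only allowlisted methods and request headers, and also sets the origin header on the actual response. `ALLOWED_ORIGINS`, `ALLOWED_METHODS`, `ALLOWED_HEADERS`, `corsHeaders` and `handle` are names assumed for this example, and the origin is a constructed value.

```javascript
// Assumed values for this example: list the origins and headers your API really serves.
var ALLOWED_ORIGINS = ['https://app.example.com']; // constructed origin
var ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'DELETE'];
var ALLOWED_HEADERS = ['content-type', 'accept', 'authorization', 'x-requested-with'];

// Returns the CORS headers for this request, or null when it must not get any.
function corsHeaders(req) {
    var origin = req.headers.origin;
    if (!origin || ALLOWED_ORIGINS.indexOf(origin) === -1) { return null; }
    // Echo the single matching origin; Vary stops caches reusing it for another origin.
    var headers = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
    if (req.method !== 'OPTIONS') { return headers; } // actual request

    // Preflight: check what the browser asks for against the allowlists.
    var method = req.headers['access-control-request-method'];
    var asked = (req.headers['access-control-request-headers'] || '')
        .split(',')
        .map(function (h) { return h.trim().toLowerCase(); })
        .filter(Boolean);
    var headersOk = asked.every(function (h) { return ALLOWED_HEADERS.indexOf(h) !== -1; });
    if (ALLOWED_METHODS.indexOf(method) === -1 || !headersOk) { return null; }
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
    headers['Access-Control-Max-Age'] = '86400'; // 24 hours, as in the gist
    return headers;
}

// Request handler: pass it to http.createServer(handle).
function handle(req, res) {
    var headers = corsHeaders(req);
    if (req.method === 'OPTIONS') {
        // A refused preflight carries no CORS headers, so the browser blocks the request.
        res.writeHead(headers ? 204 : 403, headers || {});
        res.end();
        return;
    }
    // The actual response needs Access-Control-Allow-Origin too, not only the preflight.
    headers = headers || {};
    headers['Content-Type'] = 'text/plain';
    res.writeHead(200, headers);
    res.end('ok\n');
}
```

CORS headers only tell the browser which responses a page may read; the handler still runs for requests from other origins, so authentication and authorization remain separate checks.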

kentcdodds Jul 16, 2013

Thanks! Pulled me out of a bind :)

ghost Aug 22, 2013

Thanks a bunch for this!

kennardconsulting Oct 10, 2013

+1

moussahoumani Nov 3, 2013

Wow, I like this code very much, but was the else statement really necessary if you weren't going to put any code inside? Just saying, you could have saved a couple of lines of code and made the program a bit shorter. Besides that, I liked it. Good job.

ChristianRich Mar 20, 2014

Totally works. Thanks!

splodingsocks May 27, 2014

Super

micahblu Jul 16, 2014

it actually works :)

matsilva Apr 28, 2015

Wow, it's moments like these that I remember that I 'know nothing!' Thanks!

UstymUkhman Jun 21, 2015

Thanks a lot! I've spent hours to make that work without extensions.

Qblack Jun 28, 2015

Thank you, this works great, but apparently if you are trying to pass a token on the GET you may still need to add Authorization to the list of accepted headers.

Erichain Jan 26, 2016

Thank you very much.
But when I use your code in my app, it still says there is a CORS problem.
If I write it like this (put the headers code outside the if condition):

var http = require('http');

var app = http.createServer(function ( req, res, next ) {
    var headers = {};

    // set header to handle the CORS
    headers['Access-Control-Allow-Origin'] = '*';
    headers['Access-Control-Allow-Headers'] = 'Content-Type, Content-Length, Authorization, Accept, X-Requested-With';
    headers['Access-Control-Allow-Methods'] = 'PUT, POST, GET, DELETE, OPTIONS';
    headers["Access-Control-Max-Age"] = '86400';
    res.writeHead(200, headers);

    if ( req.method === 'OPTIONS' ) {
        console.log('OPTIONS SUCCESS');
        res.end();
    }
    else {
        //other requests
    }
});

The problem disappears.

forl Mar 26, 2016

Great! This helped me a lot.

daviidesnow Mar 9, 2017

#awesome

harihasr Jun 29, 2017

Thanks a ton for this! It saved me some sleepless nights

victor245 Jul 3, 2017

Works fine in Chrome, but not in FF!
To work in Firefox: "Access-Control-Allow-Headers" must also have 'cache-control'.
Found it at http://help.octopusdeploy.com/discussions/problems/30952-set-access-control-allow-origin.
I could not find any doc, but it works for me: FF 54.0 Ubuntu - Node.js 6.9.5 Ubuntu.

lostation Aug 6, 2017

@nilcolor @cameronroe YOU SAVED ME! THANKS A LOT!!! I spent 2 days on fu** issues of preflight...

falsy Feb 22, 2018

@nilcolor @cameronroe Thank you! This is the information I really wanted!

mirzaumersaleem Mar 8, 2018

+1 thanks man, saved my time and searches
