Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Node.js cross-origin POST. You should response for OPTIONS request first. Something like this.
if (req.method === 'OPTIONS') {
console.log('!OPTIONS');
var headers = {};
// IE8 does not allow domains to be specified, just the *
// headers["Access-Control-Allow-Origin"] = req.headers.origin;
headers["Access-Control-Allow-Origin"] = "*";
headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, OPTIONS";
headers["Access-Control-Allow-Credentials"] = false;
headers["Access-Control-Max-Age"] = '86400'; // 24 hours
headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept";
res.writeHead(200, headers);
res.end();
} else {
//...other requests
}
@kentcdodds

This comment has been minimized.

Copy link

commented Jul 16, 2013

Thanks! Pulled me out of a bind :)

@ghost

This comment has been minimized.

Copy link

commented Aug 22, 2013

Thanks a bunch for this!

@kennardconsulting

This comment has been minimized.

Copy link

commented Oct 10, 2013

+1

@moussahoumani

This comment has been minimized.

Copy link

commented Nov 3, 2013

Wow I like this code very much but was the else statement really necessary if you weren't going to put any code inside, just saying you could of saved a couple lines of code and made the program a bit shorter, Besides that I liked it good job.

@ChristianRich

This comment has been minimized.

Copy link

commented Mar 20, 2014

Totally works. Thanks!

@mrmurphy

This comment has been minimized.

Copy link

commented May 27, 2014

Super

@micahblu

This comment has been minimized.

Copy link

commented Jul 16, 2014

it actually works :)

@matsilva

This comment has been minimized.

Copy link

commented Apr 28, 2015

Wow its moments like these that I remember that i 'know nothing!' Thanks!

@UstymUkhman

This comment has been minimized.

Copy link

commented Jun 21, 2015

Thank a lot! I've spent hours to make that work without extentions.

@Qblack

This comment has been minimized.

Copy link

commented Jun 28, 2015

Thank you, this works great but apparently if you trying to pass a token on the GET you may still need to add Authorization to the list of accepted Headers.

@Erichain

This comment has been minimized.

Copy link

commented Jan 26, 2016

Thank you very much.
But when I use your code to my app, it still says there is a CORS problem.
If I write as this ( put the headers code outside the if condition ):

var app = http.createServer(function ( req, res, next ) {
    var headers = {};

    // set header to handle the CORS
    headers['Access-Control-Allow-Origin'] = '*';
    headers['Access-Control-Allow-Headers'] = 'Content-Type, Content-Length, Authorization, Accept, X-Requested-With';
    headers['Access-Contrl-Allow-Methods'] = 'PUT, POST, GET, DELETE, OPTIONS';
    headers["Access-Control-Max-Age"] = '86400';
    res.writeHead(200, headers);

    if ( req.method === 'OPTIONS' ) {
        console.log('OPTIONS SUCCESS');
        res.end();
    }
    else {
        //other requests
    }
});

The problem disappears.

@forl

This comment has been minimized.

Copy link

commented Mar 26, 2016

Great! this helped me a lot .

@cameronroe

This comment has been minimized.

Copy link

commented Sep 20, 2016

@daviidesnow

This comment has been minimized.

Copy link

commented Mar 9, 2017

#awesome

@harihasr

This comment has been minimized.

Copy link

commented Jun 29, 2017

Thanks a ton for this! It saved me some sleepless nights

@victor245

This comment has been minimized.

Copy link

commented Jul 3, 2017

works fine in Chrome, but not in FF !
To work in FireFox : "Access-Control-Allow-Headers" must also have 'cache-control'.
found it in http://help.octopusdeploy.com/discussions/problems/30952-set-access-control-allow-origin.
I could not find any doc, but it works for me: FF 54.0 Ubuntu - Node.js 6.9.5 Ubuntu.

@lostation

This comment has been minimized.

Copy link

commented Aug 6, 2017

@nilcolor @cameronroe YOU SAVED ME ! THANKS A LOT !!! I spent 2 days on fu** issues of preflight...

@falsy

This comment has been minimized.

Copy link

commented Feb 22, 2018

@nilcolor @cameronroe Thank you! This is the information I really wanted!

@mirzaumersaleem

This comment has been minimized.

Copy link

commented Mar 8, 2018

+1 thanks man save my time and searches

@vaultdev2017

This comment has been minimized.

Copy link

commented May 15, 2018

Thanks...
this saves my time.....

@lekhoi

This comment has been minimized.

Copy link

commented Jun 2, 2018

Thank you for the code, saved my weekend :-)

@guruprasad211

This comment has been minimized.

Copy link

commented Jun 25, 2018

i am not able to solve, my frontend is angularjs 5, searching for solution from last 5 days, please help

@rsbrum

This comment has been minimized.

@shivarajnaidu

This comment has been minimized.

Copy link

commented Sep 19, 2018

Simply we can use app.use(cors()) for node module

@heyjoy21

This comment has been minimized.

Copy link

commented Oct 25, 2018

Thanks much !! you saved alot of time..

@mazzespazze

This comment has been minimized.

Copy link

commented Apr 5, 2019

From a noob. Where should you put such a code?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.