Skip to content

Instantly share code, notes, and snippets.

@nilcolor

nilcolor/Node.js CORS

Created February 8, 2011 15:28
Show Gist options
  • Star 76 You must be signed in to star a gist
  • Fork 17 You must be signed in to fork a gist
  • Save nilcolor/816580 to your computer and use it in GitHub Desktop.
Save nilcolor/816580 to your computer and use it in GitHub Desktop.
Download ZIP
Node.js cross-origin POST. You should response for OPTIONS request first. Something like this.
Raw
Node.js CORS
if (req.method === 'OPTIONS') {
console.log('!OPTIONS');
var headers = {};
// IE8 does not allow domains to be specified, just the *
// headers["Access-Control-Allow-Origin"] = req.headers.origin;
headers["Access-Control-Allow-Origin"] = "*";
headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, OPTIONS";
headers["Access-Control-Allow-Credentials"] = false;
headers["Access-Control-Max-Age"] = '86400'; // 24 hours
headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept";
res.writeHead(200, headers);
res.end();
} else {
//...other requests
}
@ninjasort
Copy link

There's a module for this.

@DavidKahnt
Copy link

#awesome

@harihasr
Copy link

Thanks a ton for this! It saved me some sleepless nights

@victor737-max
Copy link

victor737-max commented Jul 3, 2017
edited

works fine in Chrome, but not in FF !
To work in FireFox : "Access-Control-Allow-Headers" must also have 'cache-control'.
found it in http://help.octopusdeploy.com/discussions/problems/30952-set-access-control-allow-origin.
I could not find any doc, but it works for me: FF 54.0 Ubuntu - Node.js 6.9.5 Ubuntu.

@lostation
Copy link

lostation commented Aug 6, 2017
edited

@nilcolor @cameronroe YOU SAVED ME ! THANKS A LOT !!! I spent 2 days on fu** issues of preflight...

@falsy
Copy link

falsy commented Feb 22, 2018

@nilcolor @cameronroe Thank you! This is the information I really wanted!

@mirzaumersaleem
Copy link

+1 thanks man save my time and searches

@vaultdev2017
Copy link

Thanks...
this saves my time.....

@lekhoi
Copy link

lekhoi commented Jun 2, 2018

Thank you for the code, saved my weekend :-)

@guruprasad211
Copy link

i am not able to solve, my frontend is angularjs 5, searching for solution from last 5 days, please help

@rsbrum
Copy link

rsbrum commented Jun 25, 2018

@guruprasad211 are you getting a CORS or CORB issue? https://www.chromium.org/Home/chromium-security/corb-for-developers or try using my code https://github.com/rsbrum/NodeJS-RESTAPI-JWTAuth

@shivarajnaidu
Copy link

Simply we can use app.use(cors()) for node module

@heyjoy21
Copy link

Thanks much !! you saved alot of time..

@mazzespazze
Copy link

From a noob. Where should you put such a code?

@Asaf-S
Copy link

Asaf-S commented Oct 3, 2019

Thanks!

From a noob. Where should you put such a code?

const express = require('express');
express()
.options('', (req, res) => {
console.log('OPTIONS request!');
var headers = {};
headers["Access-Control-Allow-Origin"] = "";
headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, OPTIONS";
headers["Access-Control-Allow-Credentials"] = false;
headers["Access-Control-Max-Age"] = '86400'; // 24 hours
headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Authorization, cache-control";
res.writeHead(200, headers);
res.end();
})

@semtagg
Copy link

semtagg commented Mar 31, 2022

+1

@bobbyconnolly
Copy link

9 years later, this post saved me ❤

@ZHAOYANG291
Copy link

my hero!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment