https://stackabuse.com/get-http-post-body-in-express-js/
https://stackoverflow.com/questions/5710358/how-to-access-post-form-fields
VM35:1 Refused to connect to 'http://127.0.0.1:3000/api/post' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
http://127.0.0.1:3000/api/get?q={%22username%22:%22xgqfrms%22}
// default-src is the fallback for every fetch directive that has no rule of its own
// (including connect-src), so this limits scripts, styles, XHR/fetch, etc. to the page's own origin.
// 'self' means the same scheme, host and port: a page served from 127.0.0.1:3000 is NOT
// the same origin as localhost:3000, so requests between the two are still blocked by this policy.
const sameOriginPolicy = "default-src 'self'";
res.set("Content-Security-Policy", sameOriginPolicy);
https://content-security-policy.com/examples/express-js/
// Send a script-only CSP with every response: scripts may load from this origin and from
// https://apis.google.com. No default-src is given, so other resource types (connect, img,
// style, ...) are left unrestricted by this header.
// setHeader replaces any Content-Security-Policy value already set on the response.
app.use((req, res, next) => {
  const scriptPolicy = "script-src 'self' https://apis.google.com";
  res.setHeader("Content-Security-Policy", scriptPolicy);
  return next();
});
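// Middleware that adds CORS and CSP response headers to every response, then hands the
// request on to the next handler.
app.use(function (req, res, next) {
  // CORS: these headers decide which foreign origins may read this API's responses.
  // "*" lets any website read them. That is tolerable for a local demo that uses no
  // cookies or other credentials; replace it with an explicit origin allow-list before
  // the API is reachable by anyone else.
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

  // CSP syntax: Content-Security-Policy: connect-src <source> <source>;
  // Keywords such as 'self' and 'none' are quoted, but the wildcard is written bare (*).
  // The previous value "connect-src '*'" is not a valid source expression; browsers
  // ignore it, which leaves connect-src with no allowed source at all.
  // List the two development origins explicitly instead of opening connect-src to everything.
  res.header("Content-Security-Policy", "connect-src 'self' http://localhost:3000 http://127.0.0.1:3000");

  // NOTE(review): a CSP header only governs the document it is delivered with, not who may
  // call this API. The "default-src 'none'" in the console error is not set here; it
  // presumably belongs to the page the fetch was run from (Express's built-in error page
  // sends that policy) - confirm which response carried it before changing this header again.
  next();
});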
http://localhost:3000/api/get?q={%22username%22:%22xgqfrms%22}
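// POST a JSON body to the local API and log the parsed reply.
// localhost:3000 and 127.0.0.1:3000 are different origins: when this runs on a page served
// from the other host, that page's CSP (connect-src, or default-src as fallback) must allow
// the target and the server must answer with CORS headers, otherwise the browser blocks the call.
fetch(`http://localhost:3000/api/post`, {
  body: JSON.stringify({key: "value"}),
  cache: "no-cache",
  headers: {
    // application/json is not a CORS-safelisted content type, so a cross-origin call
    // is preceded by an OPTIONS preflight that the server has to accept.
    "Content-Type": "application/json",
  },
  method: "POST",
  mode: "cors",
})
  .then((res) => {
    console.log(`res =`, res);
    // fetch rejects only when the request itself fails (network, CSP, CORS); an HTTP error
    // status still resolves. Stop here so an HTML error page is not fed to res.json().
    if (!res.ok) {
      throw new Error(`HTTP ${res.status} ${res.statusText}`);
    }
    return res.json();
  })
  .then((json) => console.log(`json =`, json))
  .catch((err) => console.error(`error =`, err));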
http://127.0.0.1:3000/api/get?q={%22username%22:%22xgqfrms%22}