Skip to content

Instantly share code, notes, and snippets.

@balupton
Created September 11, 2012 05:21
Show Gist options
  • Save balupton/3696140 to your computer and use it in GitHub Desktop.
Save balupton/3696140 to your computer and use it in GitHub Desktop.
Acheiving CORS via a Node HTTP Server
// Create our server
var server;
server = http.createServer(function(req,res){
// Set CORS headers
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Request-Method', '*');
res.setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
res.setHeader('Access-Control-Allow-Headers', '*');
if ( req.method === 'OPTIONS' ) {
res.writeHead(200);
res.end();
return;
}
// ...
});
@HarryAmmon
Copy link

Thanks

@FuTTiiZ
Copy link

FuTTiiZ commented Mar 22, 2020

thanks <3

@JoseJavierCalvoMoratilla

Thanks a lot!

@diegowinter
Copy link

Thanks!!!

@OleksandrDanylchenko
Copy link

My appreciation!

@joegasewicz
Copy link

Thanks!

@nc-andreashaller
Copy link

Actually there is $ http-server --cors which works nice for me.

@sebasmrl
Copy link

Bro muchas gracias me funcionó a la perfeccion he estado buscando la solucion del cors de forma nativa en node desde hace mucho, no me gusta usar tantas dependencias, en serio muchas gracias

@whoacowboy
Copy link

Seven years later and this has saved me a day.

@ggaabe
Copy link

ggaabe commented Aug 10, 2022

The most important aspect of what differentiates this code from most stackoverflow answers / blogposts is that it returns these headers both on the prefetch response to the OPTIONS request, and on the actual response delivering the requested data.

@PaulSimode
Copy link

PaulSimode commented Sep 8, 2023

Failing that:

If you using Chrome and your not sure what headers are being requested, use the Developer Console, Network select the call being made and you can view what headers are being requested by Access-Control-Request-Headers

(http://stackoverflow.com/questions/32500073/request-header-field-access-control-allow-headers-is-not-allowed-by-itself-in-pr)

e.g.: res.setHeader('Access-Control-Allow-Headers', 'authorization, content-type');

This did it, finally. Thanks +1(000)!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment