-
-
Save nilcolor/816580 to your computer and use it in GitHub Desktop.
if (req.method === 'OPTIONS') { | |
console.log('!OPTIONS'); | |
var headers = {}; | |
// IE8 does not allow domains to be specified, just the * | |
// headers["Access-Control-Allow-Origin"] = req.headers.origin; | |
headers["Access-Control-Allow-Origin"] = "*"; | |
headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, OPTIONS"; | |
headers["Access-Control-Allow-Credentials"] = false; | |
headers["Access-Control-Max-Age"] = '86400'; // 24 hours | |
headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept"; | |
res.writeHead(200, headers); | |
res.end(); | |
} else { | |
//...other requests | |
} |
Thank you, this works great but apparently if you trying to pass a token on the GET you may still need to add Authorization to the list of accepted Headers.
Thank you very much.
But when I use your code to my app, it still says there is a CORS problem.
If I write as this ( put the headers code outside the if condition ):
var app = http.createServer(function ( req, res, next ) {
var headers = {};
// set header to handle the CORS
headers['Access-Control-Allow-Origin'] = '*';
headers['Access-Control-Allow-Headers'] = 'Content-Type, Content-Length, Authorization, Accept, X-Requested-With';
headers['Access-Contrl-Allow-Methods'] = 'PUT, POST, GET, DELETE, OPTIONS';
headers["Access-Control-Max-Age"] = '86400';
res.writeHead(200, headers);
if ( req.method === 'OPTIONS' ) {
console.log('OPTIONS SUCCESS');
res.end();
}
else {
//other requests
}
});
The problem disappears.
Great! this helped me a lot .
#awesome
Thanks a ton for this! It saved me some sleepless nights
works fine in Chrome, but not in FF !
To work in FireFox : "Access-Control-Allow-Headers" must also have 'cache-control'.
found it in http://help.octopusdeploy.com/discussions/problems/30952-set-access-control-allow-origin.
I could not find any doc, but it works for me: FF 54.0 Ubuntu - Node.js 6.9.5 Ubuntu.
@nilcolor @cameronroe YOU SAVED ME ! THANKS A LOT !!! I spent 2 days on fu** issues of preflight...
@nilcolor @cameronroe Thank you! This is the information I really wanted!
+1 thanks man save my time and searches
Thanks...
this saves my time.....
Thank you for the code, saved my weekend :-)
i am not able to solve, my frontend is angularjs 5, searching for solution from last 5 days, please help
@guruprasad211 are you getting a CORS or CORB issue? https://www.chromium.org/Home/chromium-security/corb-for-developers or try using my code https://github.com/rsbrum/NodeJS-RESTAPI-JWTAuth
Simply we can use app.use(cors()) for node module
Thanks much !! you saved alot of time..
From a noob. Where should you put such a code?
Thanks!
From a noob. Where should you put such a code?
const express = require('express');
express()
.options('', (req, res) => {
console.log('OPTIONS request!');
var headers = {};
headers["Access-Control-Allow-Origin"] = "";
headers["Access-Control-Allow-Methods"] = "POST, GET, PUT, DELETE, OPTIONS";
headers["Access-Control-Allow-Credentials"] = false;
headers["Access-Control-Max-Age"] = '86400'; // 24 hours
headers["Access-Control-Allow-Headers"] = "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept, Authorization, cache-control";
res.writeHead(200, headers);
res.end();
})
+1
9 years later, this post saved me ❤
my hero!
Thank a lot! I've spent hours to make that work without extentions.