Mobile Technologies Web Technologies Digital Marketing Creative Design Career Talk Medical General Tech Interviews Internet Of Things

Embark on a journey of knowledge! Take the quiz and earn valuable credits.

Take A Quiz

Challenge yourself and boost your learning! Start the quiz now to earn credits.

Take A Quiz

Unlock your potential! Begin the quiz, answer questions, and accumulate credits along the way.

Take A Quiz

Popular Categories

Interview Questions
QuestionBank
Quantitative Aptitude
Engineering
Govt Exams
Digital Marketing
Management
Interviews
All

How to allow CORS?

General Tech Bugs & Fixes 2 years ago

0 10 0 0 0 tuteeHUB earn credit +10 pts
5 Star Rating 1 Rating
Previous Next

Posted on 16 Aug 2022, this text provides information on Bugs & Fixes related to General Tech. Please note that while accuracy is prioritized, the data presented might not be entirely correct or up-to-date. This information is offered for general knowledge and informational purposes only, and should not be considered as a substitute for professional advice.

Take Quiz To Earn Credits!

Turn Your Knowledge into Earnings.

tuteehub_quiz

Answers (10)

Post Answer
profilepic.png
manpreet Tuteehub forum best answer Best Answer 2 years ago

I am trying to support CORS in my Node.js application that uses the Express.js web framework. I have read a Google group discussion about how to handle this, and read a few articles about how CORS works. First, I did this (code is written in CoffeeScript syntax):

app.options "*", (req, res) ->
  res.header 'Access-Control-Allow-Origin', '*'
  res.header 'Access-Control-Allow-Credentials', true
  # try: 'POST, GET, PUT, DELETE, OPTIONS'
  res.header 'Access-Control-Allow-Methods', 'GET, OPTIONS'
  # try: 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept'
  res.header 'Access-Control-Allow-Headers', 'Content-Type'
  # ...

It doesn't seem to work. It seems like my browser (Chrome) is not sending the initial OPTIONS request. When I just updated the block for the resource I need to submit a cross-origin GET request to:

app.get "/somethingelse", (req, res) ->
  # ...
  res.header 'Access-Control-Allow-Origin', '*'
  res.header 'Access-Control-Allow-Credentials', true
  res.header 'Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE, OPTIONS'
  res.header 'Access-Control-Allow-Headers', 'Content-Type'
  # ...

It works (in Chrome). This also works in Safari.

I have read that...

In a browser implementing CORS, each cross-origin GET or POST request is preceded by an OPTIONS request that checks whether the GET or POST is OK.

So my main question is, how come this doesn't seem to happen in my case? Why isn't my app.options block called? Why do I need to set the headers in my main app.get block?

0 views
0 shares
profilepic.png
manpreet 2 years ago

To answer your main question, the CORS spec only requires the OPTIONS call to precede the POST or GET if the POST or GET has any non-simple content or headers in it.

Content-Types that require a CORS pre-flight request (the OPTIONS call) are any Content-Type except the following:

  1. application/x-www-form-urlencoded
  2. multipart/form-data
  3. text/plain

Any other Content-Types apart from those listed above will trigger a pre-flight request.

As for Headers, any Request Headers apart from the following will trigger a pre-flight request:

  1. Accept
  2. Accept-Language
  3. Content-Language
  4. Content-Type
  5. DPR
  6. Save-Data
  7. Viewport-Width
  8. Width

Any other Request Headers will trigger the pre-flight request.

So, you could add a custom header such as: x-Trigger: CORS, and that should trigger the pre-flight request and hit the OPTIONS block.

See MDN Web API Reference - CORS Preflighted requests


0 views   0 shares
profilepic.png
manpreet 2 years ago

I found the easiest way is to use the node.js package cors. The simplest usage is:

var cors = require('cors')

var app = express()
app.use(cors())

There are, of course many ways to configure the behaviour to your needs; the page linked above shows a number of examples.


0 views   0 shares
profilepic.png
manpreet 2 years ago

Try passing control to the next matching route. If Express is matching app.get route first, then it won't continue onto the options route unless you do this (note use of next):

app.get('somethingelse', function(req, res, next) {
    //..set headers etc.

    next();
});

In terms of organising the CORS stuff, I put it in a middleware which is working well for me:

//CORS middleware
var allowCrossDomain = function(req, res, next) {
    res.header('Access-Control-Allow-Origin', 'example.com');
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'Content-Type');

    next();
}

//...
app.configure(function() {
    app.use(express.bodyParser());
    app.use(express.cookieParser());
    app.use(express.session({ secret: 'cool beans' }));
    app.use(express.methodOverride());
    app.use(allowCrossDomain);
    app.use(app.router);
    app.use(express.static(__dirname + '/public'));
});

 

0 views   0 shares
profilepic.png
manpreet 2 years ago

To stay in the same idea of routing. I use this code :

app.all('/*', function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "X-Requested-With");
  next();
});

Similar to http://enable-cors.org/server_expressjs.html example

 

0 views   0 shares
profilepic.png
manpreet 2 years ago

do

npm install cors --save

and just add these lines in your main file where your request going (keep it before any route).

const cors = require('cors');
const express = require('express');
let app = express();
app.use(cors());
app.options('*', cors());
 

0 views   0 shares

No matter what stage you're at in your education or career, TuteeHub will help you reach the next level that you're aiming for. Simply,Choose a subject/topic and get started in self-paced practice sessions to improve your knowledge and scores.

Q

What is the full form of NABARD ?

Banking, Finance & Insurance
Q

How to refresh app upon shaking the device?

Mobile Technologies
Q

What are the govt exams after BCA?

Career Talk
Q

TYPO3 v8. Override function in Core class

General Tech
Q

Why do people in India give so much importance to Government jobs?

Commerce & Accounting
Q

<div>zkskKsk</div>

Mobile Technologies 0 Answers
Q

<span style="font-size: 1em;">Qwerty 4</span>

Digital Marketing 0 Answers
Q

<div>What are the key differences between AMOLED and LCD displays in smartphones?</div>

Mobile Technologies 0 Answers
Q

<div>What are the key challenges in Mobile App Development for Cross-Platform Solutions?</div>

Mobile Technologies 0 Answers
Q

who is the smallest man in the world

General Tech 0 Answers

Explore Other Libraries

Blogs Tutorials Question Bank Feeds Careernews

Tags

CORS

Important General Tech Links

 Bugs & Fixes
 Technology & Software
 Learning Aids/Tools
 QA/Testing