How to enable cross-origin resource sharing (CORS) in the express.js framework on node.js

by

Check out the example from enable-cors.org:

In your ExpressJS app on node.js, do the following with your routes:

app.all("https://stackoverflow.com/", function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "X-Requested-With");
  next();
 });

app.get("https://stackoverflow.com/", function(req, res, next) {
  // Handle the get for this route
});

app.post("https://stackoverflow.com/", function(req, res, next) {
 // Handle the post for this route
});

The first call (app.all) should be made before all the other routes in your app (or at least the ones you want to be CORS enabled).

[Edit]

If you want the headers to show up for static files as well, try this (make sure it’s before the call to use(express.static()):

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "X-Requested-With");
  next();
});

I tested this with your code, and got the headers on assets from the public directory:

var express = require('express')
  , app = express.createServer();

app.configure(function () {
    app.use(express.methodOverride());
    app.use(express.bodyParser());
    app.use(function(req, res, next) {
      res.header("Access-Control-Allow-Origin", "*");
      res.header("Access-Control-Allow-Headers", "X-Requested-With");
      next();
    });
    app.use(app.router);
});

app.configure('development', function () {
    app.use(express.static(__dirname + '/public'));
    app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});

app.configure('production', function () {
    app.use(express.static(__dirname + '/public'));
    app.use(express.errorHandler());
});

app.listen(8888);
console.log('express running at http://localhost:%d', 8888);

You could, of course, package the function up into a module so you can do something like

// cors.js

module.exports = function() {
  return function(req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "X-Requested-With");
    next();
  };
}

// server.js

cors = require('./cors');
app.use(cors());

More Related Contents:

  1. Why doesn’t adding CORS headers to an OPTIONS route allow browsers to access my API?
  2. No ‘Access-Control-Allow-Origin’ – Node / Apache Port Issue
  3. Allow CORS REST request to a Express/Node.js application on Heroku
  4. POST request not allowed – 405 Not Allowed – nginx, even with headers included
  5. Access to XMLHttpRequest at ‘…’ from origin ‘localhost:3000’ has been blocked by CORS policy
  6. Getting express server to accept CORS request
  7. CORS-enabled server not denying requests
  8. Unable to delete data from mongoDB
  9. collection is not defined in mongodb
  10. Express.js req.body undefined
  11. Cannot overwrite model once compiled Mongoose
  12. Setting the port for node.js server on Heroku
  13. Cannot POST / error using express
  14. req.locals vs. res.locals vs. res.data vs. req.data vs. app.locals in Express middleware
  15. Cannot enqueue Handshake after invoking quit
  16. ExpressJS : How to redirect a POST request with parameters
  17. Node.js (with express & bodyParser): unable to obtain form-data from post request
  18. Print raw html strings on EJS
  19. How to create global variables accessible in all views using Express / Node.JS?
  20. MongoNetworkError: failed to connect to server [localhost:27017] on first connect [MongoNetworkError: connect ECONNREFUSED 127.0.0.1:27017]
  21. Why can I execute code after “res.send”?
  22. How to create .pem files for https web server
  23. How to send an html page as email in nodejs
  24. Deploy Nodejs on Heroku fails serving static files located in subfolders
  25. What are “signed” cookies in connect/expressjs?
  26. Node.js, can’t open files. Error: ENOENT, stat ‘./path/to/file’
  27. How to know if user is logged in with passport.js?
  28. Why POST redirects to GET and PUT redirects to PUT?
  29. Passing arguments to require (when loading module)
  30. Node.js – logging / Use morgan and winston

Leave a Comment