Socket.io + Node.js Cross-Origin Request Blocked

by

Simple Server-Side Fix

❗ DO NOT USE “socketio” package… use “socket.io” instead. “socketio” is out of date. Some users seem to be using the wrong package.

❗ SECURITY WARNING: Setting origin * opens up the ability for phishing sites to imitate the look and feel of your site and then have it work just the same while grifting user info. If you set the origin, you can make their job harder, not easier. Also looking into using a CSRF token as well would be a great idea.

socket.io v3

docs: https://socket.io/docs/v3/handling-cors/

cors options: https://www.npmjs.com/package/cors

const io = require('socket.io')(server, {
  cors: {
    origin: '*',
  }
});

socket.io < v3

const io = require('socket.io')(server, { origins: '*:*'});

or

io.set('origins', '*:*');

or

io.origins('*:*') // for latest version

* alone doesn’t work which took me down rabbit holes.

More Related Contents:

  1. nginx as webserver incl. socket.io and node.js / ws:// 400 Bad Request
  2. Use socket.io inside a express routes file
  3. How to share sessions with Socket.IO 1.x and Express 4.x?
  4. Get the client’s IP address in socket.io
  5. Socket.IO – how do I get a list of connected sockets/clients?
  6. Allow CORS REST request to a Express/Node.js application on Heroku
  7. Which websocket library to use with Node.js? [closed]
  8. What is an example of the simplest possible Socket.io example?
  9. socket.io rooms or namespacing?
  10. Is it possible to combine React Native with socket.io
  11. How to debug a socket hang up error in NodeJS?
  12. How to enable CORS in Nginx proxy server?
  13. What’s the difference between io.sockets.emit and broadcast?
  14. Enable Access-Control-Allow-Origin for multiple domains in Node.js [duplicate]
  15. socket.io: Failed to load resource
  16. How to get room’s clients list in socket.io 1.0
  17. Examples in using RedisStore in socket.io
  18. how to list rooms on socket.io nodejs server
  19. socket.io force a disconnect over XHR-polling
  20. Websocket transport reliability (Socket.io data loss during reconnection)
  21. Access to XMLHttpRequest at ‘…’ from origin ‘localhost:3000’ has been blocked by CORS policy
  22. How to resolve a Socket.io 404 (Not Found) error?
  23. Can I access a cookie from Socket.io?
  24. socket.io, ‘Access-Control-Allow-Origin’ error
  25. How to use socket.io in express routes?
  26. NPM – Can’t install socket.IO
  27. CORS-enabled server not denying requests
  28. Socket.io rooms difference between broadcast.to and sockets.in
  29. How to connect two node.js servers with websockets?
  30. socket.io private message

Leave a Comment