Skip to content

Instantly share code, notes, and snippets.

@balupton

balupton/cors.js

Created September 11, 2012 05:21
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save balupton/3696140 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save balupton/3696140 to your computer and use it in GitHub Desktop.
Download ZIP
Acheiving CORS via a Node HTTP Server
Raw
cors.js
// Create our server
var server;
server = http.createServer(function(req,res){
// Set CORS headers
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Request-Method', '*');
res.setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
res.setHeader('Access-Control-Allow-Headers', '*');
if ( req.method === 'OPTIONS' ) {
res.writeHead(200);
res.end();
return;
}
// ...
});
@modeswitch
Copy link
Copy Markdown

modeswitch commented Apr 21, 2015

I just tried this and apparently * is not permitted for the Access-Control-Allow-Headers header.

@brunofin
Copy link
Copy Markdown

brunofin commented Sep 30, 2015

If * is not permitted, what should be used then? Thanks

@afshinm
Copy link
Copy Markdown

afshinm commented Nov 17, 2015

+1. saved an hour.

@michaellujan
Copy link
Copy Markdown

michaellujan commented Mar 1, 2016

You need to just allow origin:

res.setHeader('Access-Control-Allow-Headers', req.header.origin);

@thadk
Copy link
Copy Markdown

thadk commented Mar 19, 2016

Failing that:

If you using Chrome and your not sure what headers are being requested, use the Developer Console, Network select the call being made and you can view what headers are being requested by Access-Control-Request-Headers

(http://stackoverflow.com/questions/32500073/request-header-field-access-control-allow-headers-is-not-allowed-by-itself-in-pr)

e.g.:
res.setHeader('Access-Control-Allow-Headers', 'authorization, content-type');

@Steveb-p
Copy link
Copy Markdown

Steveb-p commented Nov 15, 2017

@michaellujan
for reference, req contains headers, not header.

@HarryAmmon
Copy link
Copy Markdown

HarryAmmon commented Feb 25, 2019

Thanks

@FuTTiiZ
Copy link
Copy Markdown

FuTTiiZ commented Mar 22, 2020

thanks <3

@JoseJavierCalvoMoratilla
Copy link
Copy Markdown

JoseJavierCalvoMoratilla commented Oct 7, 2020

Thanks a lot!

@diegowinter
Copy link
Copy Markdown

diegowinter commented Dec 19, 2020

Thanks!!!

@OleksandrDanylchenko
Copy link
Copy Markdown

OleksandrDanylchenko commented Jan 6, 2021

My appreciation!

@joegasewicz
Copy link
Copy Markdown

joegasewicz commented Jun 14, 2021

Thanks!

@andreas-haller
Copy link
Copy Markdown

andreas-haller commented Jul 22, 2021

Actually there is $ http-server --cors which works nice for me.

@sebasmrl
Copy link
Copy Markdown

sebasmrl commented Aug 23, 2021

Bro muchas gracias me funcionó a la perfeccion he estado buscando la solucion del cors de forma nativa en node desde hace mucho, no me gusta usar tantas dependencias, en serio muchas gracias

@whoacowboy
Copy link
Copy Markdown

whoacowboy commented Jun 14, 2022

Seven years later and this has saved me a day.

@ggaabe
Copy link
Copy Markdown

ggaabe commented Aug 10, 2022

The most important aspect of what differentiates this code from most stackoverflow answers / blogposts is that it returns these headers both on the prefetch response to the OPTIONS request, and on the actual response delivering the requested data.

@PaulSimode
Copy link
Copy Markdown

PaulSimode commented Sep 8, 2023
edited
Loading

Failing that:

If you using Chrome and your not sure what headers are being requested, use the Developer Console, Network select the call being made and you can view what headers are being requested by Access-Control-Request-Headers

(http://stackoverflow.com/questions/32500073/request-header-field-access-control-allow-headers-is-not-allowed-by-itself-in-pr)

e.g.: res.setHeader('Access-Control-Allow-Headers', 'authorization, content-type');

This did it, finally. Thanks +1(000)!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment