{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 We Are One 的问题《CORS express not working predictably》','https://www.manongdao.com/q-1337122.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to allow access from everywhere.
I have tried using app middleware:
app.use(function (req, res, next) {
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader('Access-Control-Allow-Methods', '*');
res.setHeader("Access-Control-Allow-Headers", "*");
next();
});
I have tried using it in the route:
app.post('/login',function(req,res){
var login = req.body;
var sess = req.session;
if (!login.email && !login.pwd){
return res.status(401);
}
res.header("Access-Control-Allow-Origin", '*');
res.header("Access-Control-Allow-Headers", '*');
.... more code here
Both do not work. I keep getting an error: "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
Further down the server, we use similar code for another route, which works:
app.post('/questar',function(req,res){
//allow xhr post from retireup domains
var cors = {
origin= "https://www.website.com";
};
res.header("Access-Control-Allow-Origin", cors.origin);
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
res.type('application/json');
I cannot tell the difference between the code, but only one set works. Any ideas why? This seems like an issue that shouldn't be so complicated. Thanks
After applying "cors" middleware. You should be passed "http://" before "localhost:". in url send to by Axios like this:
Following other's answers, this worked for me:
MDN has a very short explanation on how a server should respond to a Preflight Request.
You handle CORS preflight requests by handling the HTTP OPTIONS method (just like you would handle GET and POST methods) before handling other request methods on the same route:
In your case, it might be as simple as changing your
app.use()call toapp.options(), passing the route as the first argument, setting the appropriate headers, then ending the response:Configure the CORS stuff before your routes, not inside them.
Here, like this (from enable-cors.org):
I always configure it like this in my Express+Angular apps and it works just fine.
Hope it helps.
Following some standard node projects out there, below CORS configuration worked for me always. It requires the npm package 'cors'. Note: Origin * means enabling responses to any origin and replies with status code 200. If this needs to be limited to one domain, update the origin accordingly. Ex: [origin: 'http://exampleui.com']
First install, the "cors" package from npm:
npm i -S corsThen enable it in your express server.