CORS issue: No 'Access-Control-Allow-Origin' header is present on the requested resource

Question

var enableCORS = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');

// intercept OPTIONS method
if ('OPTIONS' == req.method) {
  res.send(200);
}
else {
  next();
}
};
app.use(enableCORS);

I found out to use the following snippet in the server side, but still when i try to POST I am getting the error No 'Access-Control-Allow-Origin' header is present on the requested resource.

Answer 1

I use only the following line:

res.header("Access-Control-Allow-Origin", "*");

And it works. Any chance you print anything else before sending the headers? headers must be sent before anything else. The middleware code should be prior to anything else.

Are you sure the code is getting executed? do some 'console.log' prints to make sure the enableCORS is being called.

Lastly, use chrome developer tools (or any equivalent tool) to view the headers returned from the server. For chrome, go to network => the problematic request => headers => Response headers, and make sure the CORS headers are there.

Update Try using the following (taken from here):

res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE'); # OPTIONS removed
res.header('Access-Control-Allow-Headers', 'Content-Type');