Socket.io + Node.js Cross-Origin Request Blocked

Question

I'm using node and socket.io to write a chat application. It works fine on Chrome but mozilla gives an error to enable the Cross-Origin Requests.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://waleedahmad.kd.io:3000/socket.io/?EIO=2&transport=polling&t=1401964309289-2&sid=1OyDavRDf4WErI-VAAAI. This can be fixed by moving the resource to the same domain or enabling CORS.

Here's my code to start node server.

var express = require('express'),
    app = express(), 
    server = require('http').createServer(app),
    io = require('socket.io').listen(server),
    path = require('path');
server.listen(3000);

app.get('/', function(req, res) {
    res.sendfile(__dirname + '/public/index.html');
});

On the client side.

var socket = io.connect('//waleedahmad.kd.io:3000/');

Script tag on HTML page.

<script type="text/javascript" src="//waleedahmad.kd.io:3000/socket.io/socket.io.js"></script>

I'm also using .htaccess file in the app root directory. (waleedahmad.kd.io/node).

Header add Access-Control-Allow-Origin "*"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

Did you ever get this working? If so, what was your solution? — elynnaie, Jul 28 '14 at 14:45

King Friday · Answer 1 · 2022-03-02T20:53:13.560

281

Simple Server-Side Fix

❗ DO NOT USE "socketio" package... use "socket.io" instead. "socketio" is out of date. Some users seem to be using the wrong package.

❗ SECURITY WARNING: Setting origin * opens up the ability for phishing sites to imitate the look and feel of your site and then have it work just the same while grifting user info. If you set the origin, you can make their job harder, not easier. Also looking into using a CSRF token as well would be a great idea.

socket.io v3

docs: https://socket.io/docs/v3/handling-cors/

cors options: https://www.npmjs.com/package/cors

const io = require('socket.io')(server, {
  cors: {
    origin: '*',
  }
});

socket.io < v3

const io = require('socket.io')(server, { origins: '*:*'});

or

io.set('origins', '*:*');

or

io.origins('*:*') // for latest version

* alone doesn't work which took me down rabbit holes.

edited Mar 02 '22 at 20:53

answered Aug 03 '16 at 16:53

King Friday

25,132
12
90
84

8

I am using latest version and it is not,, its giving me connection refused error – gamer Feb 27 '17 at 11:48
@gamer maybe work through all the first principles then going up, for example, is my firewall blocking the port? Can I ping my server etc etc. – King Friday Mar 30 '17 at 15:50
You are a genius. This is the best solution with express! – abelabbesnabi May 11 '20 at 21:47
6

From v3.x, please refer to this ( https://socket.io/docs/v3/handling-cors/ ) and this ( https://github.com/expressjs/cors#configuration-options ) links. ``` var io = require('socket.io')(http, { 'cors': { 'methods': ['GET', 'PATCH', 'POST', 'PUT'], 'origin': true// accept from any domain } }); ``` – vee Nov 19 '20 at 17:16
@vee Excellent solution! – coderpc Jan 29 '21 at 17:40
This worked for me. Thank you. it saved the day., const io = require('socket.io')(server, { cors: { origin: '*', } }); – Rakshitha Muranga Rodrigo Apr 20 '21 at 17:49
The first one worked, the others gave me an error – Zeyad Shaban May 15 '21 at 07:29
I tried socket.io 4.1.2 on my nodejs server. But it always remain the same problem.What i have to do? – Mijanur Rahman Jun 17 '21 at 23:40
you could use: https://codesandbox.io/ and setup node sandbox... invite people in to edit, i do that myself sometimes, i can take a look if you do that, otherwise, can't see your code – King Friday Jun 17 '21 at 23:54
3

socket.io v4.4.1 only first option working adding `cors: { origin : '*',}}` fixed the problem – Majd Jan 26 '22 at 14:12
@King Friday is that possible to emit particular room at cross domain like io.broadcast.to(socketid).emit('message', 'for your eyes only'); //sending to individual socketid – maranR Oct 11 '22 at 15:44

Kwabena Berko · Answer 2 · 2019-04-28T17:12:08.900

62

I am using v2.1.0 and none of the above answers worked for me. This did though:

import express from "express";
import http from "http";

const app = express();
const server = http.createServer(app);

const sio = require("socket.io")(server, {
    handlePreflightRequest: (req, res) => {
        const headers = {
            "Access-Control-Allow-Headers": "Content-Type, Authorization",
            "Access-Control-Allow-Origin": req.headers.origin, //or the specific origin you want to give access to,
            "Access-Control-Allow-Credentials": true
        };
        res.writeHead(200, headers);
        res.end();
    }
});

sio.on("connection", () => {
    console.log("Connected!");
});

server.listen(3000);

edited Apr 28 '19 at 17:12

answered Jan 22 '19 at 13:11

Kwabena Berko

1,091
11
8

1

I wish to understand why does this works over io.origin("*:*") Makes no sense, I even tried to override this with origin handlers from socket.io, noting worked except this.. I'm using socket.io 1.7.4 and socket.io-client 2.2.0 with socket.io-adapter-mongodb 0.0.2 – The Bumpaster Jul 10 '19 at 12:26
1

I'm so grateful I found this post, I spent 5-6 hours today to try to enable CORS on my socket-server. I literally tried every single method I could find on stackoverflow. This is the only method that worked for me. I don't understaand why io.origin(":"), did not work in this case either. I've built other socket servers in the past and never encountered problems. If someone has a theory I would love to hear it. Anyways many thanks for sharing this! – octavemirbeau Nov 01 '20 at 04:52

score 36 · Answer 3 · edited May 23 '17 at 10:31

36

You can try to set origins option on the server side to allow cross-origin requests:

io.set('origins', 'http://yourdomain.com:80');

Here http://yourdomain.com:80 is the origin you want to allow requests from.

You can read more about origins format here

edited May 23 '17 at 10:31

Community

1
1

answered Jun 05 '14 at 11:02

Oleg

22,300
9
68
84

score 27 · Answer 4 · answered Nov 08 '20 at 00:35

27

For anyone looking here for new Socket.io (3.x) the migration documents are fairly helpful.

In particular this snippet:

const io = require("socket.io")(httpServer, {
  cors: {
    origin: "https://example.com",
    methods: ["GET", "POST"],
    allowedHeaders: ["my-custom-header"],
    credentials: true
  }
});

answered Nov 08 '20 at 00:35

Brett Klassen

271
3
2

perfect! Now my socket breaks at for POST request's saying it's a bad handshake from my vue socket.io client. But I see this new error as progress. Thank you so much! – frlzjosh Dec 02 '20 at 09:50
Man, I wasted 1 week trying, searching and studying the documentation. And I resolved the problem. I will share with you a couple of secrets: 1) The solution depends on the socket.io version (check your package.json) and SELECT SAME VERSION on the documentation site!!!!!! 2) Whatch out for the exceptions on the documentation. On my case, "...cors: {origin: "*"}..." did not work because the connection requires credentials. So, when you activate credentials, you must declare origin as a function (inside cors) origin: (_req, callback) => { callback(null, true); }, – m0rg4n Jul 07 '23 at 15:16

score 14 · Answer 5 · edited Nov 07 '20 at 14:47

14

If you are getting io.set not a function or io.origins not a function, you can try such notation:

import express from 'express';
import { Server } from 'socket.io';
const app = express();
const server = app.listen(3000);
const io = new Server(server, { cors: { origin: '*' } });

edited Nov 07 '20 at 14:47

Striped

2,544
3
25
31

answered Nov 07 '20 at 14:30

Oleksandr Danylchenko

612
8
14

score 11 · Answer 6 · answered Oct 31 '18 at 11:07

I tried above and nothing worked for me. Following code is from socket.io documentation and it worked.

io.origins((origin, callback) => {
  if (origin !== 'https://foo.example.com') {
      return callback('origin not allowed', false);
  }
  callback(null, true);
});

score 9 · Answer 7 · edited Sep 12 '21 at 17:23

9

client:

const socket = io('https://sms-server.cedrick1227.repl.co/', { });

server:

const io = new socket.Server(server, { cors: { origin: '*' } });

it works like a charm for me.

edited Sep 12 '21 at 17:23

Tyler2P

2,324
26
22
31

answered Sep 12 '21 at 10:02

Spadefaith

101
1
1

2

Could you add more of an explanation? What does your code do and how does it help the OP? – Tyler2P Sep 12 '21 at 11:15
Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-ask). – Community Sep 12 '21 at 17:36
Normaly I'm using `handlePreflightRequest` config value for solving this problem in old versions but in new version (4.4.0) this answer is perfectly working. Thanks. – kodmanyagha Jan 17 '22 at 08:53

score 9 · Answer 8 · answered Oct 04 '21 at 01:23

9

In my case, I'm using an HTTP server and socket.io

Error:

var http = require('http').Server(app);
var io = require('socket.io')(http);

Solution:

var http = require('http').Server(app);
var io = require('socket.io')(http,  { cors: { origin: '*' } });

answered Oct 04 '21 at 01:23

KARTHIKEYAN.A

18,210
6
124
133

score 8 · Answer 9 · answered Nov 19 '20 at 02:38

I just wanted to say that after trying a bunch of things, what fixed my CORS problem was simply using an older version of socket.io (version 2.2.0). My package.json file now looks like this:

{
  "name": "current-project",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "devStart": "nodemon server.js"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "socket.io": "^2.2.0"
  },
  "devDependencies": {
    "nodemon": "^1.19.0"
  }
}

If you execute npm install with this, you may find that the CORS problem goes away when trying to use socket.io. At least it worked for me.

Thanks bro, none of the answers worked from various sites except downgrading the socket.io version :-( It wasted lots of time. Thank you very much. Finally, it's working with ^2.2.0 — VenkateshMogili, Jan 10 '21 at 22:25

score 4 · Answer 10 · answered Jul 17 '18 at 12:42

After read a lot of subjetcs on StakOverflow and other forums, I found the working solution for me. This solution is for working without Express.

here are the prerequisites.

call your js script (src=) form the same server the socket will be connected to (not CDN or local call)
ensure to have the same version of socket.io on server and client side
node modules required : fs, path, socket.io and winston for logging
Install Let's encrypt certbot and generate certificate for your domain or buy a SSL certificate
jQuery declared before socket.io.js on client side
UTF-8 encoding

SERVER SIDE

// DEPENDENCIES
var fs       = require('fs'),
    winston  = require('winston'),
    path     = require('path');


// LOGS
const logger = winston.createLogger({
    level     : 'info',
    format    : winston.format.json(),
    transports: [
        new winston.transports.Console({ level: 'debug' }),
        new winston.transports.File({ filename: 'err.log', level: 'err' }),
        new winston.transports.File({ filename: 'combined.log' })
    ]
});


// CONSTANTS
const Port          = 9000,
      certsPath     = '/etc/letsencrypt/live/my.domain.com/';


// STARTING HTTPS SERVER 
var server = require('https').createServer({
    key:                fs.readFileSync(certsPath + 'privkey.pem'), 
    cert:               fs.readFileSync(certsPath + 'cert.pem'), 
    ca:                 fs.readFileSync(certsPath + 'chain.pem'), 
    requestCert:        false, 
    rejectUnauthorized: false 
},
(req, res) => {

    var filePath = '.' + req.url;
    logger.info('FILE ASKED : ' + filePath);

    // Default page for visitor calling directly URL
    if (filePath == './')
        filePath = './index.html';

    var extname = path.extname(filePath);
    var contentType = 'text/html';

    switch (extname) {
        case '.js':
            contentType = 'text/javascript';
            break;
        case '.css':
            contentType = 'text/css';
            break;
        case '.json':
            contentType = 'application/json';
            break;
        case '.png':
            contentType = 'image/png';
            break;      
        case '.jpg':
            contentType = 'image/jpg';
            break;
        case '.wav':
            contentType = 'audio/wav';
            break;
    }

    var headers = {
        'Access-Control-Allow-Origin': '*',
        'Access-Control-Allow-Methods': 'OPTIONS, POST, GET',
        'Access-Control-Max-Age': 2592000, // 30 days
        'Content-Type': contentType
    };

    fs.readFile(filePath, function(err, content) {
        if (err) {
            if(err.code == 'ENOENT'){
                fs.readFile('./errpages/404.html', function(err, content) {
                    res.writeHead(404, headers);
                    res.end(content, 'utf-8');
                });
            }
            else {
                fs.readFile('./errpages/500.html', function(err, content) {
                    res.writeHead(500, headers);
                    res.end(content, 'utf-8');
                });
            }
        }
        else {
            res.writeHead(200, headers);
            res.end(content, 'utf-8');
        }
    });

    if (req.method === 'OPTIONS') {
        res.writeHead(204, headers);
        res.end();
    }

}).listen(port); 


//OPENING SOCKET
var io = require('socket.io')(server).on('connection', function(s) {

    logger.info("SERVER > Socket opened from client");

    //... your code here

});

CLIENT SIDE

<script src="https://my.domain.com:port/js/socket.io.js"></script>
<script>
    $(document).ready(function() {

        $.socket = io.connect('https://my.domain.com:port', {
            secure: true // for SSL
        });

        //... your code here

    });
</script>

This is one of the clearest example of a bare-bone NodeJS server with socket.io integration; upvoted — Nactus, Apr 27 '20 at 13:15

score 4 · Answer 11 · answered May 08 '22 at 05:38

I was also struggling with this issue until i saw Documentation says: "You can't set 'withCredentials' to true with origin: *, you need to use a specific origin:". So my code looks like this, hope is useful:

WEB CLIENT

const { io } = require("socket.io-client");
const socket = io("localhost:3000", {
  extraHeaders: {
    "my-custom-header": "abcd"
  }
});

SERVER

var express = require('express');
const app = express();
const http = require('http');
const httpServer = http.createServer(app);
const io = require("socket.io")(httpServer, {
  cors: {
    origin: '*',
    methods: ["GET", "POST"],
  }
});

score 4 · Answer 12 · answered Aug 15 '22 at 19:53

4

Use following on the server side:

const express = require("express");
const cors = require("cors");
const http = require("http");
 
const app = express();
app.use(express.json());
app.use(cors());
 
const server = http.createServer(app);
const socket = require("socket.io")(server, {
  cors: {
    origin: "*",
    methods: ["GET", "POST"],
  },
});
 
socket.on("connection", (socket) => {
  console.log("socket connection : ", socket.id);
});
 
server.listen(3001, () => {
  console.log("server has started!");
});

answered Aug 15 '22 at 19:53

Rida Noor

61
5

This is what the docs say, but it is not working for me either. SocketIO behaves like no cors settings were given. – Fred Sep 13 '22 at 00:22
1

Today it works :-| Backing my suspicion that the whole CORS method is in fact based on black magic. – Fred Nov 17 '22 at 21:55
I did origin: "\*.\*" from server side on looking at some other fixes, changing it to origin: "*" worked for me. Cheers – Pratik Agarwal Apr 26 '23 at 10:19

score 3 · Answer 13 · edited May 23 '17 at 12:18

This could be a certification issue with Firefox, not necessarily anything wrong with your CORS. Firefox CORS request giving 'Cross-Origin Request Blocked' despite headers

I was running into the same exact issue with Socketio and Nodejs throwing CORS error in Firefox. I had Certs for *.myNodeSite.com, but I was referencing the LAN IP address 192.168.1.10 for Nodejs. (WAN IP address might throw the same error as well.) Since the Cert didn't match the IP address reference, Firefox threw that error.

score 3 · Answer 14 · answered Dec 15 '18 at 00:16

Alright I had some issues getting this to work using a self signed cert for testing so I am going to copy my setup that worked for me. If your not using a self signed cert you probably wont have these issues, hopefully!

To start off depending on your browser Firefox or Chrome you may have different issues and I'll explain in a minute.

First the Setup:

Client

// May need to load the client script from a Absolute Path
<script src="https://www.YOURDOMAIN.com/node/node_modules/socket.io-client/dist/socket.io.js"></script>
<script>
var options = {
          rememberUpgrade:true,
          transports: ['websocket'],
          secure:true, 
          rejectUnauthorized: false
              }
var socket = io.connect('https://www.YOURDOMAIN.com:PORT', options);

// Rest of your code here
</script>

Server

var fs = require('fs');

var options = {
  key: fs.readFileSync('/path/to/your/file.pem'),
  cert: fs.readFileSync('/path/to/your/file.crt'),

};
var origins = 'https://www.YOURDOMAIN.com:*';
var app = require('https').createServer(options,function(req,res){

    // Set CORS headers
    res.setHeader('Access-Control-Allow-Origin', 'https://www.YOURDOMAIN.com:*');
    res.setHeader('Access-Control-Request-Method', '*');
    res.setHeader('Access-Control-Allow-Methods', 'OPTIONS, GET');
    res.setHeader('Access-Control-Allow-Headers', '*');
    if ( req.method === 'OPTIONS' || req.method === 'GET' ) {
        res.writeHead(200);
        res.end();
        return;
            }

});

var io = require('socket.io')(app);

app.listen(PORT);

For development the options used on the client side are ok in production you would want the option:

 rejectUnauthorized: false

You would more than likely want set to "true"

Next thing is if its a self signed cert you will need to vist your server in a separate page/tab and accept the cert or import it into your browser.

For Firefox I kept getting the error

MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

The solution for me was to add the following options and accepting the cert in a different page/tab.

{ 
rejectUnauthorized: false
}

In Chrome I had to open another page and accept the cert but after that everything worked fine with out having to add any options.

Hope this helps.

References:

https://github.com/theturtle32/WebSocket-Node/issues/259

https://github.com/socketio/engine.io-client#methods

score 3 · Answer 15 · answered Dec 20 '19 at 18:38

I am facing problem while making an chat app using socket.io and node.js & React. Also this issue is not spacefic to Firefox browser, i face same issue in Edge & Chrome also.

"Cross-Origin request is blocked and it is used by some other resources..."

Then i download cors in project directory and put it in the server file index.js as below: To download simply type command using node.js :

npm install cors

const cors = require('cors');
app.use(cors());

This will allow CORS to used by different resources in the files and allow cross origin request in the browser.

Same issue occurs after implementation. Works in localhost but not outside — Paul McBurney, Dec 11 '20 at 01:16

score 3 · Answer 16 · answered Jan 03 '22 at 17:05

For those using `socket.io` >= v4.4.0

Because I wanted needed the CORS option only for local development, nothing worked here for me.

The solution that I implemented, backend-side :

    const io = require("socket.io")(server, {
        path: '/api/socket.io',
    });

    if (process.env.NODE_ENV === 'development') {
        io.engine.on('initial_headers', (headers, req) => {
            headers['Access-Control-Allow-Origin'] = 'http://localhost:3000';
            headers['Access-Control-Allow-Credentials'] = true;
        });

        io.engine.on('headers', (headers, req) => {
            headers['Access-Control-Allow-Origin'] = 'http://localhost:3000';
            headers['Access-Control-Allow-Credentials'] = true;
        });
    }

Shamshirsaz.Navid · Answer 17 · 2020-12-13T11:46:44.740

Take a look at this: Complete Example

Server:

let exp = require('express');
let app = exp();

//UPDATE: this is seems to be deprecated
//let io = require('socket.io').listen(app.listen(9009));
//New Syntax:
const io = require('socket.io')(app.listen(9009));

app.all('/', function (request, response, next) {
    response.header("Access-Control-Allow-Origin", "*");
    response.header("Access-Control-Allow-Headers", "X-Requested-With");
    next();
});

Client:

<!--LOAD THIS SCRIPT FROM SOMEWHERE-->
<script src="http://127.0.0.1:9009/socket.io/socket.io.js"></script>
<script>
    var socket = io("127.0.0.1:9009/", {
        "force new connection": true,
        "reconnectionAttempts": "Infinity", 
        "timeout": 10001, 
        "transports": ["websocket"]
        }
    );
</script>

I remember this from the combination of stackoverflow answers many days ago; but I could not find the main links to mention them

score 2 · Answer 18 · answered Apr 18 '21 at 19:54

2

Here is the solution from the official documentation:

Since Socket.IO v3, you need to explicitly enable Cross-Origin Resource Sharing (CORS).

const io = require("socket.io")(httpServer, {cors: {
origin: "https://example.com", // or "*"
methods: ["GET", "POST"]}});

answered Apr 18 '21 at 19:54

Gnopor

587
9
16

This has fixed my issue, I was trying to connect the socket from the `Angular` app and using `ngx-socket-io` module in the Angular app. – amrendra Jul 19 '21 at 16:07

score 2 · Answer 19 · answered Mar 02 '22 at 14:10

The combination that works for me is:

socketio = require('socket.io')(http, {
  origins: process.env.WEB_URL, // http(s)://...
  cors: {
    origin: process.env.WEB_URL,
    credentials: true
  }
}).listen(process.env.SOCKET_PORT) // 8899

app.set('socketio', socketio)

score 1 · Answer 20 · answered Aug 06 '21 at 04:07

1

i simply updated the version of socket.io from 2.x.x to 4.1.2 for backend and did the same ie. updated the version of socket.io-client at frontend from 2.x.x to 4.1.2 ....And it worked

answered Aug 06 '21 at 04:07

Vivek Bhore

11
2

I did not want this to work for me but sadly it did. After hours of debugging :(. So thanks :) – maverick Mar 07 '22 at 13:20

score 1 · Answer 21 · answered Sep 08 '21 at 08:45

So, basically in v2, the Socket.IO server automatically added the necessary headers to allow Cross-Origin Resource Sharing (CORS) therefor there was no problem for connection between client and server. But this behavior, while convenient, was not great in terms of security, because it meant that all domains were allowed to reach your Socket.IO server.

In v3 and above versions the CORS is disabled by default. Therefor you need to explicitly enable them on your server side script.

Example of my code:

In v2 of socket.io the server script looked like :

const io = require('socket.io')(8000);

But in v3 and above versions this code becomes to :

const io = require('socket.io')(8000, {
    cors: {
            origin: ['http://localhost:5500'],
     },
  });

// Remember by setting cors you allow you client to communicate with the socket server

// In this case 8000 is my port on which my socket connection is running and 5500 is my port where my client files are hosted.

// Socket connection runs on a different port and your client files on different

// Also you need to install socket.io-client where you have installed your socket.io modules

For more clarification I'm adding my files

This is my HTML File :

<!DOCTYPE html>
  <html lang="en">
   <head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <script src="http://localhost:8000/socket.io/socket.io.js"" content="text/javascript"></script>
    <script src="javascript/client.js"></script>
    <link rel="stylesheet" href="css/style.css">
    <title>Chat App</title>
   </head>
   <body>
   </body>
  </html>

Here is my javascript/client.js

const socket = io('http://localhost:8000/');

And this is server/server.js

const io = require('socket.io')(8000, {
  cors: {
   origin: ['http://localhost:5500'],
   },
 });

io.on('connection', socket =>{
  console.log(socket.id);
 });

// If you still can't get it more detailed information can be seen on https://socket.io/docs/v4/migrating-from-2-x-to-3-0/#CORS-handling

// Also a video from which i got this solution https://youtu.be/ZKEqqIO7n-k

score 1 · Answer 22 · answered Jun 18 '22 at 20:40

const io = require('socket.io')(server, {
    cors: {
        origin: ['https://example.com','http://example.com','ip-address'],
    }
});

Dont use origin: '*' it is a big security mistake!

origin can be used like an array with diffrent entry types:

URI with protocols like http/https
IP Address
Environment variables like process.env.WEB_URL

score 0 · Answer 23 · answered Aug 18 '20 at 09:11

I had the same problem and any solution worked for me.

The cause was I am using allowRequest to accept or reject the connection using a token I pass in a query parameter.

I have a typo in the query parameter name in the client side, so the connection was always rejected, but the browser complained about cors...

As soon as I fixed the typo, it started working as expected, and I don't need to use anything extra, the global express cors settings is enough.

So, if anything is working for you, and you are using allowRequest, check that this function is working properly, because the errors it throws shows up as cors errors in the browser. Unless you add there the cors headers manually when you want to reject the connection, I guess.

score 0 · Answer 24 · answered Nov 26 '20 at 09:02

0

Using same version for both socket.io and socket.io-client fixed my issue.

answered Nov 26 '20 at 09:02

Adwaith

1,099
1
9
6

score 0 · Answer 25 · answered Jan 23 '21 at 18:11

0

Sometimes this issue is faced when the node server stoped. So, check if your node server working ok.

Then you can use io.set('origins', 'http://yourdomain.com:PORT_NUMBER');

answered Jan 23 '21 at 18:11

Sandeep Sherpur

2,418
25
27

score 0 · Answer 26 · answered Feb 16 '21 at 14:46

I used version 2.4.0 of socket.io in easyRTC and used the following code in server_ssl.js which worked for me

io = require("socket.io")(webServer, {
  handlePreflightRequest: (req, res) => {
    res.writeHead(200, {
      "Access-Control-Allow-Origin": req.headers.origin,
      "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
      "Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type, Accept, Referer, User-Agent, Host, Authorization",
      "Access-Control-Allow-Credentials": true,
      "Access-Control-Max-Age":86400
    });
    res.end();
  }
});

score 0 · Answer 27 · answered Apr 03 '21 at 14:09

If you get socket.io app working on Chrome, Safari and other browsers but you still encounter CORS issues in Firefox, and you are using a self-signed certificate, then the problem is that Firefox does not accept self-signed certificates by default, and you have to add an exception by going to Firefox's Preferences > Certificates > View Certificates > Add Exception.

If you don't do this, then Firefox shows the error you posted which is misleading, but deep within its Developer Tools, you will find this error: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT. This indicates that Firefox is not accepting the certificate at all because it is self-signed.

score 0 · Answer 28 · answered Aug 04 '21 at 06:35

const options = {
  cors: {
    origin:
      String(process.env.ORIGINS_STRING) === "ALL"
        ? true
        : String(process.env.ORIGINS_STRING).split(","),
    methods: ["GET", "PUT", "POST", "DELETE"],
    allowedHeaders: [
      "Access-Control-Allow-Headers",
      "X-Requested-With",
      "X-Access-Token",
      "Content-Type",
      "Host",
      "Accept",
      "Connection",
      "Cache-Control",
    ],
    credentials: true,
    optionsSuccessStatus: 200,
  },
};

in .env file :

ORIGINS_STRING=ALL

or

ORIGINS_STRING=http://localhost:8080,http://localhost:8081

score 0 · Answer 29 · answered Sep 07 '21 at 09:06

I was working with socket.io: 4.2.x, node: 14.17.x & @hapi/hapi: 20.1.x.

After trying multiple ways as mentioned in other answers, I found that the only working solutions for these version is:

const io = require('socket.io')(server.listener, { cors: { origin: '*' } });

Please make sure you have { cors: { origin: '*' } } in the options object.

score 0 · Answer 30 · answered Dec 07 '21 at 18:25

I am using SocketIO with implicit http server and I am using v4.4 of socket io, I had to do it like this in the server:

const { Server } = require("socket.io");

const io = new Server(PORT, {})
io.engine.on("headers", (headers, req) => {
    headers["Access-Control-Allow-Origin"] = "http://yourdomain.com"
    headers["Access-Control-Allow-Headers"] = "origin, x-requested-with, content-type"
    headers["Access-Control-Allow-Methodsn"] = "PUT, GET, POST, DELETE, OPTIONS"
})

score -1 · Answer 31 · answered Mar 15 '22 at 05:08

-1

just simply do this in your socketio requiring:-

const io = require("socket.io")(8000, {
     cors: {
        origin: "*",
     },
});

answered Mar 15 '22 at 05:08

Ajay jangid

711
9
9

Socket.io + Node.js Cross-Origin Request Blocked

31 Answers31

Simple Server-Side Fix

For those using `socket.io` >= v4.4.0

Linked

Related

Socket.io + Node.js Cross-Origin Request Blocked

31 Answers31

Simple Server-Side Fix

For those using socket.io >= v4.4.0

Linked

Related

For those using `socket.io` >= v4.4.0