7

I have a node.js express app which provides RESTful APIs and I'm using passport for Facebook authentication. I enabled all CORS configuration in the server side and was able to consume APIs via jQuery Ajax. But for Facebook authentication I'm getting the following error:

XMLHttpRequest cannot load http://localhost:3000/auth/facebook. The request was redirected to 'https://www.facebook.com/dialog/oauth?response_type=code&redirect_uri=http%…_me%2Cuser_checkins%2Cuser_likes&client_id=12345678&type=web_server', which is disallowed for cross-origin requests that require preflight.

/auth/facebook endpoint is this.

app.get('/auth/facebook',
    passport.authenticate('facebook', {
        scope: ['email', 'user_about_me', 'user_checkins', 'user_likes'],
        failureRedirect: users.authFailCallback
    }), users.signin);

So basically it is redirected to Facebook's API (302) which does not allow CORS. Is there any way to solve this? Or I need to call Facebook APIs from server side itself?

laggingreflex
  • 32,948
  • 35
  • 141
  • 196
sooraj.e
  • 766
  • 2
  • 11
  • 26

2 Answers2

4

This looks like it could be a webkit bug:

https://bugs.webkit.org/show_bug.cgi?id=112471

Have you tried reproducing this behavior in the latest Firefox?

Your best bet for fixing this right now (2013-12-05) is to make the call server-side if you can. You'll probably need server side requests to allow IE 8 compatibility anyway as IE 8 doesn't support much of the CORS spec. I use a same-domain proxy to get IE 8 working.

Good luck.

Akrikos
  • 3,595
  • 2
  • 24
  • 22
0

you cannot call server api which will result in 302 (redirection) from front end. So you will have to send the user directly to the server and redirect him from there to facebook get the result save the user then redirect him whereever you want

Ammar Ajmal
  • 354
  • 1
  • 12