2
  1. I am developing an ajax form update on localhost in express.js for learning express.js
  2. The origin in header is alway set to be null by browser for CORS request (tried: firefox, chrome and safari)

Question: 1. "Origin: null" in request header is not the problem of express.js. Is this correct?

  1. Why they(is it the browsers?) set the Origin to null? I think it should look like this one: "localhost:3000/myproject/test/form.html"

  2. Should I use jquery ($.ajax() or $.ajaxSetup()) to set the origin, before calling ajax on localhost?

  3. How to make the origin in header reflect the real situation?

Here is the screenshot: [...the screenshot is gone now...]

I read the following article about the CORS. The origin in header is null, which is not explained. Please help.

http://www.html5rocks.com/en/tutorials/cors/

"The first thing to note is that a valid CORS request always contains an Origin header. This Origin header is added by the browser, and can not be controlled by the user."

How to allow CORS?

Alexis Wilke
  • 19,179
  • 10
  • 84
  • 156
Nicolas S.Xu
  • 13,794
  • 31
  • 84
  • 129

1 Answers1

6

The Origin header is null because you are making the CORS request from a local file (I bet the url starts with file://). In order to get a "normal" origin, you need to host the client file on a web server and access that file using http or https.

Also note that the Origin value is set by the browser and can not be overridden by client JavaScript code.

(P.S. I wrote that HTML Rocks article, I'll make a note to add a section about null Origin)

monsur
  • 45,581
  • 16
  • 101
  • 95
  • Monsur, it is really nice to find you here! I am much more clear about this issue after you explanation. Thank you! – Nicolas S.Xu Dec 18 '13 at 05:32
  • A Chrome extension called Advance Rest Client can make the origin looks like this one: Origin: chrome-extension://hgmloofddffdnphfgcellkdfbfbjeloo – Nicolas S.Xu Dec 18 '13 at 05:36