0

I have a NodeJS server running in on machine SERVER with the IP . The NodeJS server code works. For example, I can connect using the following telnet command

telnet <ip_server> <port>

or via curl

curl -d "{}" "http://<ip_server>:<port>/"

I need to access via another machine CLIENT with the IP . However, telnet won't connect and curl returns a connection refused error. Only pinging the SERVER from the CLIENT works. In the long run I need to access the SERVER from Javasrcipt code loaded in CLIENT browser. When doing this in Firefox, I can see the following error message in the Developer Console

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://<ip_server>:<port>/. This can be fixed by moving the resource to the same domain or enabling CORS.

For the last couple of hours I've been trying to enable CORS within the NodeJS server code. I tried various version to do this I found on the Web

...
var express = require('express');
var cors = require('cors')
...

var app = express();

 // Version A
app.all('/*', function(req, res, next) {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
  res.header('Access-Control-Allow-Headers', 'Content-Type');
  next();
});

// Version B
app.use(function (req, res, next) {
  res.setHeader('Access-Control-Allow-Origin', '*');
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
  res.setHeader('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
  res.setHeader('Access-Control-Allow-Credentials', true);
  next();
});


// Version C (using the "cors" package)
app.use(cors());
app.options('*', cors());

But nothing seems to make a difference. While the telnet and curl commands work when called from the SERVER, nothing works when trying from CLIENT. What do I miss here?

(I'm aware that blocking cross-domain requests is an encouraged security mechanism. However, this is a purely experimental setup, where I need a virtual machine (CLIENT) can access my local PC (SERVER) running the NodeJS server code.)

EDIT: As request, below are imho the relevant client code snippets. I use the NodeJS code for both HTTP accesses and to connect to a WebSocket. As I mentioned, all is running well running in from the CLIENT

...
doAjaxRequest : function(serverUrl, method, data, callback) {    
  $.ajax({
    url: serverUrl, type: method, data: data, dataType: "json",
    success: function(response, textStatus, jqXHR){ callback(response); },
    error: function(jqXHR, textStatus, errorThrown){ },
  });
},

updateBoundingBox : function(endpoint, lat1, lng1, lat2, lng2) {
  var url = "http://<ip_server>:<port_http>/...";
  this.doAjaxRequest(url, "post", { }, Utility.bind(this, this.onBoundingBoxUpdated));
},

...

if ("WebSocket" in window) {
  websocket = new WebSocket("ws://<ip_server>:<port_ws>/");
}

EDIT2: Here are the error messages I get from the different ways to access the SERVER from the CLIENT:

// Browser
// Connect to WebSocket
Firefox can't establish a connection to the server at ws://<ip_server>:<port_websocket>/
// HTTP Request
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://<ip_server>:<port_http>/. This can be fixed by moving the resource to the same domain or enabling CORS.


// TELNET
$ telnet <ip_server> <port_http>
Trying <ip_server>...
telnet: Unable to connect to remote host: Connection refused


// CURL
curl -d "{}" "http://<ip_server>:<port_http>/"
curl: (7) Failed to connect to <ip_server> port <port_http>: Connection refused


// ping <ip_server> (works fine)

One issue might be that CLIENT "varies". telnet and 'curl' I call directly from the virtual machine with a local IP (192.168.xxx.xxx). When using the browser, the CLIENT runs on the router/proxy machine with a global IP. When I try to execute `telnet' and 'curl' on the router/proxy machine, but commands just hang. They don't connect, but I don't get any connection refused error either.

Christian
  • 3,239
  • 5
  • 38
  • 79
  • Your server code seems correct, show us your client side JS. – Joseph Nov 11 '14 at 02:28
  • I added some client code snippets. Apart from the JS code, `telnet` and `curl` already fails to connect. – Christian Nov 11 '14 at 02:47
  • This site might be helpful: http://enable-cors.org/ – aug Nov 11 '14 at 02:59
  • possible duplicate of [Node.js + Express + Cross-domain scripting](http://stackoverflow.com/questions/11181546/node-js-express-cross-domain-scripting) – aug Nov 11 '14 at 03:00
  • So wait, the browser running on CLIENT gives a CORS error but telnet and curl from the CLIENT give `connection refused`? – loganfsmyth Nov 11 '14 at 05:14
  • I edited my question, adding the exact error messages. I also noticed that having this virtual machine with a local IP might be an issue; see EDIT2 as well. @aug: Yeah, I found those pages. This "CORS on ExpressJS" was essentially what I tried. – Christian Nov 11 '14 at 05:56

1 Answers1

0

Somestimes one really has to look for the simplest solutions first. After ruling (almost) anything else out, I eventually checked for any firewall issues. And indeed there is ufw installed on client. After I allowed access to the required ports, everything is working smoothly.

Thanks for all comments! They definitely kept me searching and finally looking in the right direction.

Christian
  • 3,239
  • 5
  • 38
  • 79