express + socket.io cross domain

Question

How can I enable cross domain for express.io because I need for a cordova aplication, chrome says "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin", this is my code.

server

var app = require('express.io')();
app.http().io()

app.listen(2000);
app.io.set('origins', '*:*');
app.io.set('transports', [
    'websocket'
    , 'flashsocket'
    , 'htmlfile'
    , 'xhr-polling'
    , 'jsonp-polling'
]);

app.get('/', function (req, res) {
  res.setHeader('Access-Control-Allow-Origin','*');
  res.send(200, 'Todo fino');

  req.io.route('connection');
});

app.io.route('connection', function (req) {
  console.log('User connected');
});

client

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
<script src="https://cdn.socket.io/socket.io-1.3.3.js"></script>
  <script>
  var socket = io.connect('http://localhost:2000');

  </script>
  <title>Document</title>
</head>
<body>
  Probando Socket system
</body>
</html>

Express.io is very outdated. Your socket.io client version is `1.3.3`, whereas express.io still runs on `0.9.16`, which aren't backwards-compatible. — Ben Fortune, Feb 10 '15 at 15:01
I have the same error when using the latest version of sailsjs. with config.sockets origins: ' * : * ', — pedronalbert, Feb 10 '15 at 15:15
try even adding res.header("Access-Control-Allow-Headers", "Content-Type"); — pratiklodha, Feb 10 '15 at 16:16

score 1 · Answer 1 · edited May 23 '17 at 11:45

I've never used that, but this is how I set it up using Express and Socket.io separately.

**Socket.IO version --> 1.3.7 ** **Express version --> 4.13.3 **

Option 1: Force use of Websockets only

By default, websockets are cross domain. If you force Socket.io to only use that as means to connect client and server, you are good to go.

Server side

//HTTP Server 
var server = require('http').createServer(app).listen(8888);
var io = require('socket.io').listen(server);

//Allow Cross Domain Requests
io.set('transports', [ 'websocket' ]);

Client side

var connectionOptions =  {
            "force new connection" : true,
            "reconnectionAttempts": "Infinity", //avoid having user reconnect manually in order to prevent dead clients after a server restart
            "timeout" : 10000, //before connect_error and connect_timeout are emitted.
            "transports" : ["websocket"]
        };

 var socket = io("ur-node-server-domain", connectionOptions);

That's it. Problem? Won't work on browsers (for clients) who don't support websockets. With this you pretty much kill the magic that is Socket.io, since it gradually starts off with long polling to later upgrade to websockets (if client supports it.)

If you are 100% sure all your clients will access with HTML5 compliant browsers, then you are good to go.

Option 2: Allow CORS on server side, let Socket.io handle whether to use websockets or long polling.

For this case, you only need to adjust server side setup. The client connection is same as always.

Server side

//HTTP Server 
var express=require('express');
//Express instance
var app = express();

//ENABLE CORS
app.all('/', function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "X-Requested-With");
  next();
 });

That's it. Hope it helps anyone else.

ps: this is a repost of my answer for another question, Cross-domain connection in Socket.IO

CORS does not work for me. Question, what would be the end game for this? I was thinking it would be something like on client side URL would be "clienurl.com" and to access socketio would be like http://serverurl.com:9000/socket.io/socket.io.js.. am I correct on this? — oneofakind, Dec 07 '15 at 11:00

score 0 · Answer 2 · answered Feb 10 '15 at 15:07

0

Try use CORS, for example:

var cors = require('cors');
app.use(cors({
    origin: true,
    credentials: true
}));

answered Feb 10 '15 at 15:07

siavolt

6,869
5
24
27

express + socket.io cross domain

2 Answers2