2

I have seen many answers on Stack Overflow which say setting response headers will make you "CORS" request. But no solution worked for me. I have written the following code:

//Server.js Code
var express = require('express'),
    app = express();

// Add CORS response headers to every response sent by this Express app
app.all('*', function(req, res, next) {
    res.setHeader("Access-Control-Allow-Origin", "*");
    res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    res.setHeader('Access-Control-Allow-Credentials', true);
    res.setHeader('Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE, OPTIONS');
    next();
});

I am trying to access the content from the URL using $http in client side:

//Controller.js
$http.get('http://domainA.com/a/ipadapi.php?id=135&client=ipad').success(function(response){
        alert("I got response");
    });

It's showing the following error in console.

XMLHttpRequest cannot load http://domainA.com/a/ipadapi.php?id=135&client=ipad The 'Access-Control-Allow-Origin' header has a value 'http://example.xxxxx.com' that is not equal to the supplied origin. Origin 'http://localhost:3000' is therefore not allowed access.

Note: I am new to Node.js, Express and AngularJS.

HARSHA LANKA
  • Setting cors on your server does not enable cors on other servers, the target server has to enable it – Patrick Evans Jun 01 '15 at 19:48
  • Are you trying to access domainA.com from localhost:3000? If so, are you the owner of domainA.com? From what I'm seeing, you have to add the headers on domainA.com server's request. I've answered the same question a few hours ago: http://stackoverflow.com/questions/30577886/connect-to-api-endpoint-with-angular-factory/30578081#30578081 – cl3m Jun 01 '15 at 19:49
  • I am not the owner of domainA.com. So, how can I access the content from that URL? Do I need to run my application through example.xxxxx.com instead of localhost? @cl3m – HARSHA LANKA Jun 01 '15 at 19:59

3 Answers

0

When you are passing credentials with CORS, you need to lock down the accepted origins. Try changing your origins from * to "localhost:3000"

See cross origin resource sharing with credentials

Community
cchamberlain
0

Change the header info from

res.setHeader("Access-Control-Allow-Origin", "*");

to

res.header('Access-Control-Allow-Origin', 'http://localhost:3000');

Hardeep Mehta
  • I think this change has to happen in domainA.com. But I am not the owner of it. So, do I need to run my application through example.xxxxxx.com instead of localhost? – HARSHA LANKA Jun 01 '15 at 20:05
  • That won't help. If you are not the owner of the website, then it will be a violation of the CORS signatures. The site has to allow you so that you can use its data. – Hardeep Mehta Jun 01 '15 at 20:07
  • I can run my application from the following domain: http://example.xxxxx.com. Do I need to do this? If I look at the console error message, it says "The 'Access-Control-Allow-Origin' header has a value 'http://example.xxxxx.com'". So I might be able to access the content from the URL. Correct me if I am wrong? – HARSHA LANKA Jun 01 '15 at 20:11
  • Yes, if you have access to 'http://example.xxxxx.com', then you can get access to the data. – Hardeep Mehta Jun 01 '15 at 20:16
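
The rule behind the console error in the question and the wildcard-with-credentials point in the first answer, as an added example that is not part of the original posts. `corsHeadersFor` is a hypothetical server-side allowlist policy for the API owner and `browserAllowsRead` is a simplified model of the browser's check; both names, the allowlist and the plain-object header shape are assumptions.

```javascript
// Added example: simplified model of the CORS check, not code from the thread.
// Constructed allowlist: the one origin the target API in the question trusts.
const ALLOWED_ORIGINS = new Set(['http://example.xxxxx.com']);

// Server side (hypothetical helper, the API owner's job): echo the request
// Origin only when it is allowlisted; never pair "*" with credentials.
function corsHeadersFor(requestOrigin, credentials = false) {
  const headers = { 'Vary': 'Origin' }; // caches must key on Origin
  if (ALLOWED_ORIGINS.has(requestOrigin)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
    if (credentials) headers['Access-Control-Allow-Credentials'] = 'true';
  }
  return headers;
}

// Browser side (simplified): may script running on pageOrigin read the response?
// Header lookup is by exact key here; real header names are case-insensitive.
function browserAllowsRead(pageOrigin, headers, withCredentials = false) {
  const allowOrigin = headers['Access-Control-Allow-Origin'];
  if (allowOrigin === undefined) {
    return { ok: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  if (allowOrigin === '*') {
    return withCredentials
      ? { ok: false, reason: 'wildcard is not accepted on credentialed requests' }
      : { ok: true, reason: 'wildcard' };
  }
  if (allowOrigin !== pageOrigin) {
    return { ok: false, reason: `'${allowOrigin}' is not equal to '${pageOrigin}'` };
  }
  if (withCredentials && headers['Access-Control-Allow-Credentials'] !== 'true') {
    return { ok: false, reason: 'Access-Control-Allow-Credentials is not "true"' };
  }
  return { ok: true, reason: 'origin matches' };
}

// The cases discussed on this page (header values constructed from the thread).
const cases = [
  ['http://localhost:3000', { 'Access-Control-Allow-Origin': 'http://example.xxxxx.com' }, false],
  ['http://example.xxxxx.com', corsHeadersFor('http://example.xxxxx.com'), false],
  ['http://localhost:3000', { 'Access-Control-Allow-Origin': '*' }, true],
  ['http://localhost:3000', corsHeadersFor('http://localhost:3000'), false],
];
for (const [origin, headers, creds] of cases) {
  const verdict = browserAllowsRead(origin, headers, creds);
  console.log(origin, creds ? '(credentials)' : '', '->', verdict.ok, verdict.reason);
}
```

The decision is made by the browser from headers on the target server's response, which is why headers set on the asker's own Express app have no effect on a request to domainA.com.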
0

If you're not the owner of domainA then you cannot send CORS headers from that domain. You can use your Node server as middleware, and proxy the request from your server to domainA. Your server can send CORS headers back to your Angular app. Pseudocode with hapi and needle:

import Hapi from 'hapi'
import needle from 'needle'

const server = new Hapi.Server()

server.connection({
  port: 9090
  , routes: {
        cors: true
      }
})

const handler = (req, reply) => {
  const url = 'https://domainA.com'
    , data = {
      body: 'code'
    }

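  // Template literal (backticks) so ${data.body} is actually interpolated
  needle.post(url, `body=${data.body}`, function(err, res) {
    if (err) {
      // Upstream request failed: hand the error to hapi instead of crashing
      return reply(err)
    }
    // needle may already have parsed a JSON response into an object
    const body = res.body
    let json = (typeof body === 'string' || Buffer.isBuffer(body)) ? JSON.parse(body) : body
    reply(json.data)
  })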
}

server.route({
  method: 'GET',
  path: '/route/{id}',
  handler: handler
}
)

server.start( err => {
  if( err ) {
    console.error( 'Error was handled!' )
    console.error( err )
    return
  }
  // Template literal (backticks) so the URI is interpolated into the message
  console.log( `Server started at ${ server.info.uri }` )
})
brianyang