0

I am trying to access the Node.js socket.io server from my cordova app. And then I receive the following error:

Failed to load https://www.ride4you.co.il/socket.io/?EIO=3&transport=polling&t=M30S1z4: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://127.0.0.1:8080' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

This is the connection code in client side (the app or localhost):

    <script src="https://www.ride4you.co.il/socket.io/socket.io.js">
    </script>
    <script type="text/javascript">
     var socket = io("https://www.ride4you.co.il");
     socket.on("disconnect", function() {
       console.log("Disconnected");
       socket = io();
       console.log("Connected");
     });
    </script>

When I am trying this code from the actual domain, no errors and everything works. But from the app, which is not the origin domain, there is a block.

I have tried to remove this block, and allow every origin to access this socket with the next code in app.js (main node.js file):

var express = require('express');
var app = express();
var server = require('http').createServer(app);
global.io = require('socket.io').listen(server);
io.set('origins', '*:*');

But still got the same error there.

I know there is an option to allow for a specific domain, but I am using a cordova app which does not have a domain - so I think that is should be allowed by everyone, is not it?

Thanks.

Raz
  • 1,910
  • 1
  • 15
  • 28

2 Answers2

1

use cors module on nodejs server and keep a copy of this file on your nodejs server https://www.ride4you.co.il/socket.io/socket.io.js and request it from your own server

Hemant Rajpoot
  • 683
  • 1
  • 11
  • 29
  • 1. What do you mean keep a copy of this file? 2. btw: when i ls the public_html directory on the server, I do not see this file, but when trying to access it from browser it is there. Howcome? THanks. – Raz Jan 04 '18 at 09:21
  • you are loading library from a link so instead of that you can save in your repo and then give the path to that – Hemant Rajpoot Jan 04 '18 at 09:24
  • There is not problems accessing the data in http requests, there is problem in order to connect to socket.io specifically. So cors in here is not the solution I think. – Raz Jan 04 '18 at 09:46
0

Independent of node.js details (see Hemant Rajpoot's answer) It has to do with the fact that the request is authenticated (client side).

Please check this stackoverflow answer which is based on C#+angluar, but otherwise show the same behaviour/root cause:

CORS: credentials mode is 'include'

Peter Branforn
  • 1,679
  • 3
  • 17
  • 29