2

After sending a POST request to my Node backend I'd like to redirect the user to another site using e.g. a Location header in the server response.

I'm sending the POST request to my server with Axios using the following options:

  const options = {
    withCredentials: true,
    headers: {
      'Content-Type': 'application/json',
      Accept: 'application/json',
    },
  };

In my Node-Express server I'm returning the response like this:

return res.redirect('https://google.com');

The browser receives the response with the Location header and attempts to send an OPTIONS request to https://google.com, but this fails because of Google's CORS settings (OPTIONS is not allowed).

I know I could redirect the browser in my client-side JS by using e.g. window.location.replace(), but is it possible to make the browser go to https://google.com (without making an OPTIONS call) just because my backend is telling it to do so?

EDIT: Here's a simplified route:

router.post('/cats', (req, res) => {
    if (redirectCondition) {
        return res.redirect('https://google.com');
    }
    return res.sendStatus(200);
});
iepure
  • 249
  • 2
  • 14
  • Yes, answer that options request correctly. – Jonas Wilms Oct 30 '19 at 08:33
  • Does this answer your question? [Why doesn't adding CORS headers to an OPTIONS route allow browsers to access my API?](https://stackoverflow.com/questions/7067966/why-doesnt-adding-cors-headers-to-an-options-route-allow-browsers-to-access-my) – Jonas Wilms Oct 30 '19 at 08:34
  • @JonasWilms Unfortunately it doesn't. The answer you linked says: "the CORS spec only requires the OPTIONS call to precede the POST or GET if the POST or GET has any non-simple content or headers in it". It is unclear to me how and where I can limit which headers are sent with the actual redirection request - isn't that handled by the browser? I tried removing headers from my server's response, but that didn't help. The redirection request still contained headers that init an OPTIONS request. – iepure Oct 30 '19 at 09:19
  • You have to answer *two requests*. Answer the OPTIONS request with the cors header, then the browser will be allowed to issue the POST request, and that can be answered with a redirect – Jonas Wilms Oct 30 '19 at 09:20
  • @JonasWilms I think you've misunderstood. I'm able to handle OPTIONS and POST to my Node backend without CORS issues. The problem is that when I reply to the POST originating from my frontend with ```return res.redirect('https://google.com');``` from my backend the broswer sends an OPTIONS request to google.com, which is not allowed by Google. What I'd like to achieve is to just redirect the browser to google.com, like in window'location.replace(). I'm trying to find out if that is possible to do directly from my Node response, or whether I actually have to use window.location.replace(). – iepure Oct 30 '19 at 09:29
  • Again: Answer that OPTIONS request with the correct cors header. Not with a redirect – Jonas Wilms Oct 30 '19 at 09:30
  • @JonasWilms Could you be a bit more specific? I obviously cannot edit Google's CORS settings so I don't really understand what you're referring to. If you mean that I should change the headers of my OPTIONS request that is initiated by the redirection response with the Location header I don't know where that is done. Doesn't the browser handle the Location header by itself? – iepure Oct 30 '19 at 09:36
  • Could you add the relevant Express routes to the question? [edit] – Jonas Wilms Oct 30 '19 at 09:38
  • Um, do you actually answer OPTIONS requests? Is that everything? Or do you use the `cors()` module, or have an `.options` handler somewhere? – Jonas Wilms Oct 30 '19 at 09:50
  • @JonasWilms Yes, I use cors(). Like I said there is no CORS issue with the original OPTIONS and POST requests to my Node server. It works perfectly. The problem is that when I send the response (res.redirect('https://google.com')) the browser handles the Location header by sending an OPTIONS request to google.com and Google blocks this. I'm asking if it is possible to redirect the browser to another URL from a Node backend or whether I need to use client-side code. – iepure Oct 30 '19 at 10:01
  • I'm sorry, I missunderstood your question and assumed you did not answer cors requests. Maybe this https://stackoverflow.com/questions/199099/how-to-manage-a-redirect-request-after-a-jquery-ajax-call is interesting – Jonas Wilms Oct 30 '19 at 10:09
  • you cant redirect with ajax, it going to follow them, which is why its doing what its doing.. instead, do it clientside – Lawrence Cherone Oct 30 '19 at 10:14
  • @JonasWilms No problem. :) Thanks for the link, but I don't think it answers my question. – iepure Oct 30 '19 at 10:18
  • 1
    It does. With Axios, you are doing an AJAX call, and as stated there, redirects have to be *transparent* on the browser level, so from axios point of view, the POST request is going to google.com. And that cannot happen. You cannot leave the AJAX call here, so you cannot redirect the page itself. You have to use one of the workarounds (`window.location =`) – Jonas Wilms Oct 30 '19 at 10:26
  • @JonasWilms Ah, okay, I seem to have missed that. Thank you for pointing it out. – iepure Oct 30 '19 at 10:41

0 Answers0