Socket IO error "Access to XMLHttpRequest has been blocked by CORS policy"

Question

my app has recently received an error

"Access to XMLHttpRequest at 'https://my-service-domain/socket.io/?EIO=3&transport=polling&t=M-eWtUQ' from origin 'https://my-app-domain' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource."

when i connecting to socket.io. I have not yet found a solution to this problem, I will describe in detail as the image below, has anyone ever encountered this error.

Server config:

var express = require('express');
var app = express();

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "X-Requested-With");
  res.header("Access-Control-Allow-Headers", "Content-Type");
  res.header("Access-Control-Allow-Methods", "PUT, GET, POST, DELETE, OPTIONS");
  next();
});
var http = require('http');
var server = http.createServer(app);
var io = require('socket.io').listen(server, {log:false, origins:'*:*'});

Client config:

var socket = io('https://my-service-domain', {transports: ['polling']});
socket.on(channel_id, function(data){
     // some code
});

I tried to switch the websocket connection option var socket = io('https://my-service-domain', {transports: ['websocket']}), I got the error

"WebSocket connection to 'wss://my-service-domain/socket.io/?EIO=3& transport = websocket' failed: Error during WebSocket handshake: Unexpected response code: 400 "

Does this answer your question? [Socket.io + Node.js Cross-Origin Request Blocked](https://stackoverflow.com/questions/24058157/socket-io-node-js-cross-origin-request-blocked) — BENARD Patrick, Jan 15 '20 at 12:00

score 19 · Answer 1 · answered Nov 19 '20 at 22:04

19


If you are using Socket.IO v3, you need to explicitly enable Cross-Origin Resource Sharing (CORS).
const io = require("socket.io")(httpServer, {
  cors: {
    origin: "http://localhost:8080",
    methods: ["GET", "POST"]
  }
});

httpServer.listen(3000);

answered Nov 19 '20 at 22:04

Rahul Verma

216
2
4

Indeed in works for browsers, but what about mobile apps? Their origin always changes.. – Pierre Feb 01 '21 at 13:38
Thanks this saved me from few hours of online research :) – Syam Kumar Apr 30 '21 at 18:26

shank_fab_worker · Answer 2 · 2021-05-15T14:20:02.213

11

It is 100% working.. I have spend 2 hours in it and at last find the answer . Just replace code with this...

const express = require("express")
var app = express();
var server = app.listen(4000);
var io = require('socket.io')(server, {
    cors: {
      origin: '*',
    }
});

edited May 15 '21 at 14:20

answered May 15 '21 at 14:13

shank_fab_worker

273
3
14

score 1 · Answer 3 · answered Dec 20 '22 at 11:01

1

Try this:

const io = new Server(httpServer, {
  cors: {
    origin: true,
    credentials: true,
  },
  allowEIO3: true,
});

This works for me. I saw this answer here

answered Dec 20 '22 at 11:01

Jose Lopez

31
2

score 0 · Answer 4 · edited Feb 25 '20 at 09:18

0

If you are using HTTPS protocol, then try using the following snippet:

var http = require('https');

edited Feb 25 '20 at 09:18

סטנלי גרונן

2,917
23
46
68

answered Feb 25 '20 at 08:56

SANKET GIRME

67
1
2

score 0 · Answer 5 · answered May 06 '21 at 01:57

0

If you are facing the same kind of error where your access to the request has been blocked then change your code from..... const socket = io('http://localhost:8000'); to this const socket = io('http://localhost:8000',{transports: ['websocket']});

this will make your code to run

answered May 06 '21 at 01:57

Tarun Chaudhary

1

This does not solve this issue and I don't see why it would – eemilk Aug 06 '21 at 10:55

score 0 · Answer 6 · answered May 18 '21 at 09:45

0

For multiple urls:

var io = require('socket.io')(server, {
    cors: {
      origin: ['url1','url2',..]
    }
});

answered May 18 '21 at 09:45

Tony

493
4
7

score 0 · Answer 7 · answered May 18 '21 at 09:51

You can try to use cors npm package. Install CORS using the following command:

npm install cors

Then at the top of your application file, import the installed CORS package as,

const cors = require('cors');

then use this constant variable as middleware,

app.use(cors());

and it will handle all the CORS related options and settings you need.

Note: You should use app.use(cors()); line before initiating your routers. Otherwise it may not work.

score 0 · Answer 8 · answered Apr 01 '22 at 21:17

One way i found around this was by using "prependListener". This will only work for socket.io 4.1.0 and above

const express = require('express')
const app = express()
const server = require('http').createServer(app);
const io = require('socket.io')(server)
io.on('connection', socket=>{
   // all socket events here
});

// Magic Lines
server.prependListener("request", (req, res) => {
   res.setHeader("Access-Control-Allow-Origin", "*");
});
// instead of "*" your can also add the other domain/servername
server.listen(7000, () => {
   console.log("This is the socket server running");
});

score -1 · Answer 9 · answered Nov 09 '20 at 17:17

-1

When I hosted on Heroku my nodejs app that uses socekt.io I got the same error in my browser. The problem was that I didnot add a start script in package.json file. So heroku could no way start my app. When I added the start script, then the problem was solved.

answered Nov 09 '20 at 17:17

Abu Ziyaada Wajeeh

21
3

What is `start script`? – Oliver D Nov 10 '20 at 16:36
@OliverD I think he is referring to package.json scripts, like test and start. If you don't define a start script in your package.json file, it may cause startup failures in various deploment environments. – M. Çağlar TUFAN May 18 '21 at 09:52

Socket IO error "Access to XMLHttpRequest has been blocked by CORS policy"

9 Answers9