-2

I have made an application with node js and react,Im hosting them on namecheap and the server side on node js is node.kutiza.com,the client side is finanu.kutiza.com,when im requesting on node.kutiza.com im getting an error saying.

Access to XMLHttpRequest at 'http://node.kutiza.com/krankenkasse/regions' from origin 'http://finanu.kutiza.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

var express = require('express');
var cors = require('cors');

var krankenkasse_calculator = require('./routes/krankenkasse.js');

const app = express()

app.use(cors({ origin: true, credentials: true }));

const port = 5000

app.all('/', function (req, res, next) {
    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Headers", "X-Requested-With");
    next();
});

app.use('/krankenkasse', krankenkasse_calculator);

app.listen(port, () => console.log(`Example app listening on port ${port}!`))

NOTE : On localhost everything is working fine

ardit zogjanu
  • 1
  • 2
  • Does this answer your question? [How to enable cors nodejs with express?](https://stackoverflow.com/questions/43150051/how-to-enable-cors-nodejs-with-express) – jabaa Aug 02 '22 at 11:28
  • Does the client send an `Origin` header? Why do you overwrite the headers `res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With");`? – jabaa Aug 02 '22 at 11:33
  • I've tested your code. The response header `Access-Control-Allow-Origin` is set, when the client sends the request header `Origin`. It's not set otherwise. So the main question is, is this request header set? – jabaa Aug 02 '22 at 12:00
  • @jabaa thanks for answering , i dont know why but first i had only app.use(cors()) than i tried To much things to add to the code but i dont know why its not working . – ardit zogjanu Aug 02 '22 at 12:32
  • The problem isn't in the code. The code as-is is working correctly, even though it contains some nonsense. The problem is somewhere else. Are you deploying an older version? Why are you settign `origin: true`? – jabaa Aug 02 '22 at 12:40
  • @jabaa Thanks for answering the problem was on the namecheap version for node js , i solved it :) – ardit zogjanu Aug 02 '22 at 12:42

1 Answers1

-1

By default, servers won't accept the request from a different domain. You can use cors module to enable cors. Try passing the config in cors middleware.

const cors = require('cors');
const corsOptions = {
  origin: 'http://yourclientdomain.com'
}
app.use(cors(corsOptions));
Sadhna Shukla
  • 17
  • 5
  • I can see the import and the middleware in the code in the question. Why would you use `origin: 'http://yourclientdomain.com'` instead of `origin: true`? – jabaa Aug 02 '22 at 11:29
  • @Sadhna Shukla that is not working – ardit zogjanu Aug 02 '22 at 11:33
  • @jabaa i have tried that also but its not working – ardit zogjanu Aug 02 '22 at 11:35
  • @arditzogjanu You shouldn't copy and paste code from the internet without understanding what it does. That's called [cargo cult programming](https://en.wikipedia.org/wiki/Cargo_cult_programming). You would see that this answer doesn't address your problem and won't help. – jabaa Aug 02 '22 at 11:37
  • @jabaa can u give me an solution or not ? what are you talking about ? – ardit zogjanu Aug 02 '22 at 11:38
  • @arditzogjanu Obviously you don't understand your own code. You've copied snippets, probably from the internet, that don't make sense. Don't do this. Why are you setting `Access-Control` headers twice, once with the `cors` middleware and once with your own request handler? – jabaa Aug 02 '22 at 11:39
  • @jabaa I have 2+ experience with nodejs and react ,dont judge if you cant understand this code than dont comment , give me an solution if u have one if you dont have one go somewhere else – ardit zogjanu Aug 02 '22 at 11:40
  • @jabaa That's really not helpful. To be this disrespectful. – Sadhna Shukla Aug 02 '22 at 11:41
  • @arditzogjanu If you don't have experience, read the documnetation and guide. Don't copy random code snippets from the internet. – jabaa Aug 02 '22 at 11:41
  • @jabaa this is my CODE ! – ardit zogjanu Aug 02 '22 at 11:42
  • @arditzogjanu Then please answer my question why you overwrite the `Access-Control` headers. Who taught you to do this? Where have you read this and what is the intentionof this? – jabaa Aug 02 '22 at 11:42
  • @jabaa then why it its not working even if i delete it ? – ardit zogjanu Aug 02 '22 at 11:44
  • @arditzogjanu You can't answer my question? That's called cargo cult programming. – jabaa Aug 02 '22 at 11:45
  • @jabaa That is an Access-Control-Allow-Origin to allow all the origins – ardit zogjanu Aug 02 '22 at 11:45
  • @arditzogjanu Why do you use `cors` middleware with `origin` and your own headers? – jabaa Aug 02 '22 at 11:45
  • @jabaa that is the server side , to allow the cors policy from different websites thats why im using it – ardit zogjanu Aug 02 '22 at 11:48
  • @arditzogjanu I understand CORS. But you have 1) a middleware `cors` and 2) your own Access Control headers overwriting the settings from the `cors` middleware. In addition you have your own middleware `app.all("/"` but no request handler for this route. Why do you overwrite these headers for a route, that isn't even handled in your server? Obviously, you're not understanding this code. And now you're copying code snippets from an answer on Stack Overflow that you also don't understand. Don't do this. – jabaa Aug 02 '22 at 11:49
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Aug 04 '22 at 05:40