Search code examples
node.jsangularexpressiisiisnode

No 'Access-Control-Allow-Origin' header is present on the requested resouce

I'm writing application that uses Angular for client side and NodeJs for backend. I host my app with iis and iisnode.

Recently I added windows authentication to my application so I could know which user logged on.

Most of the requests works fine, but I got authorization problem with request that gets out of another route (/manage) but from the same origin.

My Angular code:

var url = "http://localhost:15001/auth/"+entredPass;
this.http.get(url, {withCredentials: true}).subscribe(res => {
    ...
});

My NodeJs code:

var app = express();
var allowCrossDomain = function (req, res, next){
    res.header('Access-Control-Allow-Origin', origin); //Gets that from config
    res.header('Access-Control-Allow-Credentials', true);
    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
    res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');

    if(res.method == 'OPTIONS')
        res.send(200);
    else
        next();
}
app.use(allowCrossDomain);

//This request works
app.get('isAlive', function(req, res){
    res.setHeader('Access-Control-Allow-Origin', origin); //Gets that from config
    res.status(200);
    res.send(true);
});

//This one isn't - why?
app.get('/auth/:password', function (req, res){
    ...
    var authRes = false;
    if (password == "123456")
        authRes = true;

    res.setHeader('Access-Control-Allow-Origin', origin);
    res.status(200);
    res.send(authRes.toString());
});

For the second GET I get error:

No 'Access-Control-Allow-Origin' header is present on the requested resouce. Origin 'http://myurl' is therefor not allowed access.

The only difference between this two requests is that the first one is called from 'http://myurl' and the second is called from 'http://myurl/manage'. Although when I look at the network tab at the browser I see that the origin of the failed request is 'http://myurl'.

Why the 'Access-Control-Allow-Origin' is not presented and how can I solve it? Thank you.

Solution

  • You can cors to do that.

    CORS is a node.js package for providing a Connect/Express middleware that can be used to enable CORS with various options.

    1 Install cors.

    npm install cors

    2 Then use it in your Express App.

    const express = require('express');
const cors = require('cors');
const app = express();

app.use(cors());

//This request works
app.get('isAlive', function(req, res) {
  res.setHeader('Access-Control-Allow-Origin', origin); //Gets that from config
  res.status(200);
  res.send(true);
});

//This one isn't - why?
app.get('/auth/:password', function(req, res) {
  ...
  var authRes = false;
  if (password == "123456")
    authRes = true;

  res.setHeader('Access-Control-Allow-Origin', origin);
  res.status(200);
  res.send(authRes.toString());
});

    3 Optionally, you can also white-list specific domains if you want to:

    const whitelist = ['http://example1.com', 'http://example2.com']
const corsOptions = {
  origin: function (origin, callback) {
    if (whitelist.indexOf(origin) !== -1) {
      callback(null, true)
    } else {
      callback(new Error('Not allowed by CORS'))
    }
  }
}

app.use(cors(corsOptions));