Can't get CORS to work (NodeJS)

Question

I'm trying to set up a GET request cross domain. Domain A is the target, it has a service called /getUser:

(...)
server.get('/getUser', function(req, res) {
    console.log('Call received');
}
(...)

As you can see it doesn't do much, I'm just trying to make sure the request arrives. Domain A has a public js file, which implements the call to this service:

function callDomainA(){
  var url = 'https://domainA.com/getUser?callback=?';

  var xhr = _createCORSRequest('GET', url);
  if (!xhr) {
    console.log('CORS not supported by browser, try jsonp');
    _doJSONP(url)
  }
else{
    xhr.onload = function() {
        console.log('Success : ' + JSON.stringify(xhr.responseText));
    };

    xhr.onerror = function() {
        console.log('ERROR : There was an error with the CORS request.');
    };
}

xhr.send();

return false;
}

function _doJSONP(){
   (...)
}


function _createCORSRequest(method, url) {
   var xhr = new XMLHttpRequest();

    if ("withCredentials" in xhr) 
        xhr.open(method, url, true);  // XHR for Chrome/Firefox/Opera/Safari.
    else if (typeof XDomainRequest != "undefined") {
        xhr = new XDomainRequest();  // XDomainRequest for IE.
    xhr.open(method, url);
 } 
 else 
    xhr = null;  // CORS not supported.

 return xhr;
}

Then I have Domain B, which loads the js script from Domain A and then executes the callDomainA() function:

<script src="https://domainA.com/domainApublicjsfile.js"    type="text/javascript"></script>
(...)
callDomainA();
(...)

When I load the page in Domain B that contains the call to Domain A, and trigger the call to callDomainA(), the code detects that the browser (Firefox) can do CORS, but the headers I receive indicate error 500 and ns_error_dom_bad_uri

I would expect something like this because I'm not doing anything in Domain A to accept the CORS request or anything, but it worries me that the request doesn't seem to arrive to the service, or at least console.log() is not registering anything.

Am I missing anything?

Thank you in advance for your time.

Answer 1

I would like to recommend you my module called simpleS, it implements CORS in a very simple way, and was tested with Google Chrome, Mozilla Firefox and Opera. It was designed to accept requests from the current host or the local file system origin by default. To accept requests from other origins you need something like this:

var simples = require('simples');
var server = simples(80);

server.config({
    cors: {
        origins: ['domaina.com', 'domainb.com'] // ['*'] for requests from anywhere
    }
});

server.get('/getUser', function (request, response) {
    // Your application logic
});

More documentation on simples here. The module is still under development but you can give it a try.

Answer 2

? is only valid once in a URI to signify the start of the query-string. After that, it needs to be URL encoded:

.../getUser?callback=%3f

But, while that may pass the browser's validation, it still isn't a valid "padding" for JSONP. The callback should specify the name of a global function that will be called and passed the JSON response:

function handleJSONPRequest(data) {
    // ...
}

function callDomainA(){
    var url = 'https://domainA.com/getUser?callback=handleJSONPRequest';

    // ...
}

The callback=? shortcut is a feature of some libraries, such as jQuery, that replace the ? with the name of a generated function. It isn't supported by XMLHttpRequest, though.

$.getJSON('.../getUser?callback=?');
// GET .../getUser?callback=jQuery18204235873776488006_1354320142256&...