Prateek

Reputation: 299

Passport.js Maintaining CROS domain session

I divided my app into a 3-tier structure. My server is running on node.js and the front end is an Angular app. I am using passport for user login and authentication. The behaviour I noticed is that my passport login is not able to maintain a cross-domain session on the front end app.

My server is running on localhost:3000 and front end app on localhost:9000.

I tried configuring CROS requests in Express by giving options as:

    app.use(function(req, res, next) {
        res.header('Access-Control-Allow-Credentials', true);
        res.header('Access-Control-Allow-Origin', req.headers.origin);
        res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
        res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
        if ('OPTIONS' == req.method) {
            res.send(200);
        } else {
            next();
        }
    });

I also tried the cros module in Node.js, but nothing worked out for me as such. Any help or suggestion is appreciated.

Upvotes: 0

Views: 497

Answers (2)

Vishnu

Reputation: 12313

CROS != CORS

https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

CORS is used to allow requests only from a specific domain, i.e. req.headers.origin

You have to configure the frontend app with passportjs to maintain the session.

Upvotes: 0
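The following is an added example, not code from the question or from either answer. It shows a credentialed-CORS middleware that echoes the `Origin` header only when it is on an explicit allow-list, rather than reflecting `req.headers.origin` unconditionally. The names `ALLOWED_ORIGINS`, `corsWithCredentials` and `simulate` are hypothetical, the allowed origin is assumed from the ports given in the question, and the request/response objects in `simulate` are constructed stand-ins.

```javascript
// Assumption: the only trusted front end is the one named in the question.
const ALLOWED_ORIGINS = new Set(['http://localhost:9000']);

// Express-compatible middleware (uses only Node's setHeader/statusCode/end).
function corsWithCredentials(allowedOrigins) {
  return function (req, res, next) {
    const origin = req.headers.origin;
    const trusted = Boolean(origin) && allowedOrigins.has(origin);
    // The response differs per Origin, so shared caches must key on it.
    res.setHeader('Vary', 'Origin');
    if (trusted) {
      // With credentials the browser rejects "*"; echo only a vetted origin.
      res.setHeader('Access-Control-Allow-Origin', origin);
      res.setHeader('Access-Control-Allow-Credentials', 'true');
      res.setHeader('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
      res.setHeader('Access-Control-Allow-Headers',
        'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
    }
    if (req.method === 'OPTIONS') {
      // Preflight is answered here and never reaches session or passport code.
      res.statusCode = trusted ? 204 : 403;
      res.end();
      return;
    }
    // Untrusted origins still reach the handlers, only without CORS headers:
    // the browser hides the response, but the request itself is processed,
    // so state-changing routes still need CSRF protection.
    next();
  };
}

// Constructed request/response stand-ins so the middleware runs without a server.
function simulate(method, origin) {
  const headers = {};
  const res = {
    statusCode: 200,
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    end() {},
  };
  let passedOn = false;
  const req = { method, headers: origin ? { origin } : {} };
  corsWithCredentials(ALLOWED_ORIGINS)(req, res, () => { passedOn = true; });
  return { status: res.statusCode, headers, passedOn };
}
```

In an Express app this would be registered with `app.use(corsWithCredentials(ALLOWED_ORIGINS))` ahead of the session and passport middleware. The browser attaches the session cookie to a cross-origin request only when the client sets `withCredentials: true` on it.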

Paresh Gami

Reputation: 4792

You have to use csurf for cross-domain prevention.

Whenever you request any page, for example if you request the login page from the server, the server sends a token in response to this request. You have to set it in the form as a hidden field, and when you submit this form to the server side, the server checks this token.

https://github.com/expressjs/csurf

http://maximilianschmitt.me/posts/tutorial-csrf-express-4/

Upvotes: 1
