LaSul
Reputation: 2421
Node JS - CORS - Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response
I try to upload files to my server and I'm running issues with CORS and Node JS.
My server.js file looks like below :
require('rootpath')();
var express = require('express');
var app = express();
var cors = require('cors');
var bodyParser = require('body-parser');
var expressJwt = require('express-jwt');
var config = require('config.json');
// pour l'upload
var multer = require('multer');
const corsOptions = {
origin: ["http://localhost:3000"],
credentials: true,
methods: "POST, PUT, OPTIONS, DELETE, GET",
allowedHeaders: "X-Requested-With, Content-Type"
}
app.use(cors(corsOptions))
app.options('*', cors(corsOptions));
app.use(bodyParser.urlencoded({ extended: false }));
app.use(bodyParser.json());
// // // use JWT auth to secure the api
app.use(expressJwt({ secret: config.secret }).unless({ path: ['/users/authenticate', '/users/register'] }));
// // // routes
app.use('/users', require('./controllers/users.controller'));
app.use('/challenges', require('./controllers/challenges.controller'));
// NEW UPLOAD
app.use(function(req, res, next) { //allow cross origin requests
res.setHeader("Access-Control-Allow-Methods", "POST, PUT, OPTIONS, DELETE, GET");
res.header("Access-Control-Allow-Origin", "http://localhost:3000");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
res.header("Access-Control-Allow-Credentials", true);
next();
});
/** Serving from the same express Server
No cors required */
app.use(express.static('../client'));
app.use(bodyParser.json());
var storage = multer.diskStorage({ //multers disk storage settings
destination: function (req, file, cb) {
cb(null, './uploads/');
},
filename: function (req, file, cb) {
var datetimestamp = Date.now();
cb(null, file.fieldname + '-' + datetimestamp + '.' + file.originalname.split('.')[file.originalname.split('.').length -1]);
}
});
var upload = multer({ //multer settings
storage: storage
}).single('file');
/** API path that will upload the files */
app.post('/upload', function(req, res) {
upload(req,res,function(err){
console.log(req.file);
if(err){
res.json({error_code:1,err_desc:err});
return;
}
res.json({error_code:0,err_desc:null});
});
});
// FIN NEW UPLOAD
// start server
var port = process.env.NODE_ENV === 'production' ? 80 : 4000;
var server = app.listen(port, function () {
console.log('Server listening on port ' + port);
});
And I have the following issue :
XMLHttpRequest cannot load http://localhost:4000/users. Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response
and when I try to upload my file, I got a new issue :
POST http://localhost:4000/upload 401 (Unauthorized)
I tried to add many origins in an array instead of only localhost:3000, but nothing changes.
Anything else : if I add "Origin","Content-Type","Accept" to the list of headers, I have this following error :
OPTIONS localhost:4000/users net::ERR_CONNECTION_REFUSED.
I got to admit CORS is a bit difficult.
Thanks
Upvotes: 2
Views: 8093
Answers (3)
Meier Boas
Reputation: 41
I guess the simplest solution is to add Authorization to Access-Control-Allow-Headers.
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
Finally you also want to respond to the preflight OPTIONS request with HTTP ok, e.g:
if(req.method === 'OPTIONS') {
res.status(201);
res.end();
}
else {
next();
}
Upvotes: 0
Sumant Singh
Reputation: 1020
To Solve this issue use the below code
npm install cors
Add the code in server.js file
var cors = require('cors')
app.use(cors())
Upvotes: 1
lcodegmaster
Reputation: 74
The code below should work:
var express = require("express");
var cors = require("cors");
var app = express();
var corsOptions = {
origin: ' your_url',
optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
}
app.use(function(req, res, next) {
// res.header("Access-Control-Allow-Origin", "*");
// res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
// app.header('Access-Control-Allow-Origin', 'http://localhost');
// app.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
// app.header('Access-Control-Allow-Headers', 'X-Requested-With,content-type');
// app.header('Access-Control-Allow-Credentials', true);
next();
});
///products/:id
app.get('/helloworld', cors(corsOptions), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for only example.com.'});
})
app.listen(3000, function() {
console.log("CORS-enabled web server listening on port 3000");
});
var response_text;
var XMLHttpRequest = require("xmlhttprequest").XMLHttpRequest;
var xhr = new XMLHttpRequest();
//Get the html of the website
function createCORSRequest(method, url) {
var xhr = new XMLHttpRequest();
if ("withCredentials" in xhr) {
// Check if the XMLHttpRequest object has a "withCredentials" property.
// "withCredentials" only exists on XMLHTTPRequest2 objects.
xhr.withCredentials = true;
xhr.open(method, url, true);
xhr.send();
} else if (typeof XDomainRequest != "undefined") {
// Otherwise, check if XDomainRequest.
// XDomainRequest only exists in IE, and is IE's way of making CORS requests.
xhr = new XDomainRequest();
xhr.open(method, url);
xhr.send();
} else {
// Otherwise, CORS is not supported by the browser.
xhr = null;
}
return xhr;
}
var url = "your_url";
var xhr = createCORSRequest('GET', url);
if (!xhr) {
throw new Error('CORS not supported');
}
xhr.onload = function() {
response_text = xhr.responseText;
console.log(response_text);
console.log(values);
// process the response.
}
xhr.onerror = function() {
console.log('There was an error!');
}
Then cd to the file directory in the terminal and write: $ node filename.js
It will then be listening on http://localhost:3000/helloworld Hope this works.
Upvotes: 0
Related Questions
- Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response
- CORS error :Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response
- Request header field authorization is not allowed by Access-Control-Allow-Headers in preflight response with .net core and angular
- CORS error: Request header field authentication is not allowed by Access-Control-Allow-Headers in preflight response
- Node JS - CORS Issue Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header
- angularjs - Request header field is not allowed by Access-Control-Allow-Headers in preflight response
- Angularjs Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers in preflight response
- Node JS CORS module not setting Access-Control-Allow-Credentials header
- NodeJS + ExpressJS: Request header field not allowed by Access-Control-Allow-Headers in preflight response
- Cors Error in simple request: Request header field Authorization is not allowed by Access-Control-Allow-Headers in preflight response