CODEWITHSUNDEEP
javascriptnode.jsexpresscors
TigerBalm
TigerBalm

Reputation: 71

Cors seems to be enabled on my node server by default. Am I missing something?

So I have a very basic node and express server as seen below. No middleware or anything, but I'm still able to log the response from axios made to google.com. Shouldn't this result in a cors error resulting in me having to use middleware or set the server up to make cross origin requests? Still unclear on CORS a little bit, any clarification is greatly appreciated. Thanks!

var express = require('express');
var app = express();
var axios = require('axios');

app.on('listening', () => {
    axios.get('https://google.com')
    .then(response => console.log(response.data));
});

app.get('*', function(request, response){
  response.sendfile('./dist/index.html');
});

app.use(function(err, req, res, next) {
  if (err) {
      res.status(500).send(err);
      console.log(err.message);
  }
  next();
});

app.listen(process.env.PORT || 3000, () => {
    app.emit('listening');
    console.log('listening on 3000');
});

Upvotes: 0

Views: 46

Answers (1)

T.J. Crowder
T.J. Crowder

Reputation: 1075069

CORS is a browser thing. It doesn't apply to server-side code (in Node, PHP, Java, ...). From the spec:

This document defines a mechanism to enable client-side cross-origin requests.

and later

User agents commonly apply same-origin restrictions to network requests. These restrictions prevent a client-side Web application running from one origin from obtaining data retrieved from another origin, and also limit unsafe HTTP requests that can be automatically launched toward destinations that differ from the running application's origin.

(my emphasis)

Upvotes: 2

Related Questions