CODEWITHSUNDEEP
node.jssocketssslcloudflare
iReal Worlds
iReal Worlds

Reputation: 46

Node.JS Socket.IO SSL CORS error

So, I've made an app that makes use of NodeJS and Socket.IO and it worked fine. Recently, I've installed an SSL certificate and moved the socket from http://example.com:8080 to https://example.com:8443. But now, I receive this error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://example.com:8443/socket.io/?EIO=3&transport=polling&t=M4Kox0q. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Now, I've made some research and I think it is because of the ports (request from :443 to :8443), but how can I make it not be blocked?

This is the client-side code:

socket = io.connect("https://example.com:8443", {
    secure: true
});

And server-side:

io = require('socket.io');
server = require('https').createServer({
    key: fs.readFileSync('./cloudflare.key'),
    cert: fs.readFileSync('./cloudflare.crt')
}, (req, res) => {
    res.writeHead(200, {
        'Access-Control-Allow-Origin': '*'
    });
}).listen(socket_port);
io = io(server, {
    origins: 'example.com:*'
});

And, other than that, in the Network tab of the Dev Tools, the request is listed with a 523 No Reason Phrase status code.

Other info that may be helpful:

Upvotes: 2

Views: 3141

Answers (1)

devamaz
devamaz

Reputation: 105

You need to handle properly handle your CORS by installing CORS node package with this simple configuration if using express.

const cors = require('cors')

let app = express()
app.use(cors({credentials: true, origin: true}))

OR

io = require('socket.io');
server = require('https').createServer({
    key: fs.readFileSync('./cloudflare.key'),
    cert: fs.readFileSync('./cloudflare.crt')
}, (req, res) => {
    res.writeHead(200, {

    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type, Accept, Authorization"

    });
}).listen(socket_port);
io = io(server, {
    origins: 'example.com:*'
});

You can also checkout these sites Enable CORS or MDN CORS handling. I hope this help.

Upvotes: 1

Related Questions