How to prevent CORB errors with Backbone and Node.js/Hapi?

Question

An update to Chrome in the past few days is causing some of the API calls from my SPA (Backbone.js) to my server (Node.js running Hapi) to be blocked with a CORB error. I am doing prototyping so no authentication is currently in place.

In backbone I am using the model url property and I do not see a way to specify header and payload type.

url: function () {
     return 'http://localhost:4000/api/getSpotPrices/' + energy.type);
}

Do I need to change settings in Hapi to prevent this from occurring?

[Update] I added a CORS setting to my Hapi configuration and set it to wildcard:

server.route({
    config: {
        cors: {
            origin: ['*']
        }
    },
    method: 'GET',
    etc...
}

And now Chrome throws the error:

The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:63342, *', but only one is allowed.

So, without the CORS configuration CORB blocks my service call. With the CORS configuration setting CORS complains about too many entries in the header entry.

Answer 1

In was able to use Fiddler to root cause the issue. My Node/Hapi side of things was working correctly. However, I had previously installed a CORS plug-in on Chrome and it was injecting a subsequent wildcard into my Access-Control-Allow-Origin header. Hence, the multi-valued header. Once I disabled the CORS button on my Chrome plug-in the header was as expected.

Answer 2

Do you have any additional headers in your request. That might cause this problem.

Here is my cors config that I am using with my react frontend.

cors: {
    origin: ['list of domains that white listed, no need for wildcard for me'],
    credentials: true, // for preflight request
    // these are the additional headers that i am using through my client code
    additionalHeaders: ['cache-control', 'x-requested-with', 'x-csrf-token', 'set-cookie'] 
},