How can I add CORS-Headers to a static connect server?

node.js cors node.js-connect
afx picture afx · Jun 15, 2013 · Viewed 33.7k times · Source

I am writing a little demo web server delivering static html,css and javascript. The server looks like

(function () {
    "use strict";

    var http = require("http");
    var connect = require('connect');
    var app = connect()
        .use(connect.logger('dev'))
        .use(connect.static('home'));

    var server = http.createServer(app);
    server.listen(9999, function () {
        console.log('server is listening');
    });
})();

My client side javascript makes ajax calls to a different server. How can I add 

Access-Control-Allow-Origin: http://example.com

to my server response, so that the client side javascript can do the ajax call?

Answer

Akshat Jiwan Sharma picture Akshat Jiwan Sharma · Jun 15, 2013

Had a bit of trouble figuring this one out since express has spoiled me.

Take a look at enable cors. Basically what you need to be doing is add Access-Control-Allow-Origin to the domain you want to enable cors on. response.setHeaders is perfect for this task.

Another thing to note is that connect has no way to handle routes. If your app needs to have different routes then you will probably have to write logic for each of them and add res headers to the ones on which you want to enable cors. You can use req.url for it.

var http = require("http");
var connect = require('connect');

var app = connect()

    .use(connect.logger('dev'))

    .use(connect.static('home'))

    .use(function(req, res){

    res.setHeader("Access-Control-Allow-Origin", "http://example.com");
    res.end('hello world\n');

 });

var server = http.createServer(app);

server.listen(9999, function () {

    console.log('server is listening');
});

This is the response I got in chrome dev tools

HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://example.com
Date: Sat, 15 Jun 2013 16:01:59 GMT
Connection: keep-alive
Transfer-Encoding: chunked

Related questions

Why doesn't adding CORS headers to an OPTIONS route allow browsers to access my API?

I am trying to support CORS in my Node.js application that uses the Express.js web framework. I have read a Google group discussion about how to handle this, and read a few articles about how CORS works. First, …

Read More
CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true

I have a setup involving Frontend server (Node.js, domain: localhost:3000) <---> Backend (Django, Ajax, domain: localhost:8000) Browser <-- webapp <-- Node.js (Serve the app) Browser (webapp) --> Ajax --> Django(Serve ajax …

Read More
Origin <origin> is not allowed by Access-Control-Allow-Origin

XMLHttpRequest cannot load http://localhost:8080/api/test. Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin. I read about cross domain ajax requests, and understand the underlying security issue. In my case, 2 servers are running locally, and like to enable cross …

Read More