Cross-Origin Request Blocked even with headers - javascript

I am getting this error when trying to do a get request from my vue app. I am running an express Node.js express app that is connected to my local Mysql server. I already have the headers set to allow my Vue app running on localhost:8081 to access the node server but I'm still getting the error. I have CORS installed on node and vue. My teamates are using the same code I am and not getting this but I am still getting the CORS errors(image for errors). Any help would be greatly appreciated. Thanks!
app.js for my node server
var createError = require('http-errors');
var express = require('express');
var path = require('path');
var cookieParser = require('cookie-parser');
var logger = require('morgan');
const cors = require('cors');
var indexRouter = require('./routes/index');
var usersRouter = require('./routes/courses');
var app = express();
var corsOptions = {
origin: 'http://localhost:8081',
}
app.use(cors(corsOptions));
app.options('*', cors());
app.get('http://localhost:8081', cors(), function (req, res, next) {
res.json({msg: 'This is CORS-enabled for a Single Route'})
})
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');
app.use(function (req, res, next) {
res.setHeader('Access-Control-Allow-Origin', '*');
res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
res.setHeader('Access-Control-Allow-Credentials', true);
next();
});
app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));
var mysql = require("mysql");
app.use(function(req, res, next){
res.locals.connection = mysql.createConnection({
host: 'localhost',
user: 'root',
password: '',
database: 'course'
})
res.locals.connection.connect();
next();
});
app.use('/api', indexRouter);
app.use('/api/courses', usersRouter);
// catch 404 and forward to error handler
app.use(function(req, res, next) {
next(createError(404));
});
// error handler
app.use(function(err, req, res, next) {
// set locals, only providing error in development
res.locals.message = err.message;
res.locals.error = req.app.get('env') === 'development' ? err : {};
// render the error page
res.status(err.status || 500);
res.render('error');
});
module.exports = app;
course-services.js for rest requests to my node app
import axios from "axios";
var baseurl = "";
if (process.env.NODE_ENV === "development") {
baseurl = "http://localhost/api/";
} else {
baseurl = "/api/";
}
const apiClient = axios.create({
baseURL: baseurl,
headers: {
Accept: "application/json",
"Content-Type": "application/json",
"X-Requested-With": "XMLHttpRequest",
"Access-Control-Allow-Origin" : "*",
crossDomain: true
},
transformRequest: (data, headers) => {
let token = localStorage.getItem("token");
let authHeader = "";
if (token != null && token != "") authHeader = "Bearer " + token;
headers.common["Authorization"] = authHeader;
return JSON.stringify(data);
},
transformResponse: function(data) {
data = JSON.parse(data);
if (!data.success && data.code == "expired-session") {
localStorage.deleteItem("token");
}
return data;
}
});
export default {
getCourses() {
return apiClient.get("courses");
},
getCourse(id) {
return apiClient.get("courses/" + id);
},
addCourse(course) {
return apiClient.post("courses", course);
},
updateCourse(courseId, course) {
return apiClient.put("courses/" + courseId, course);
},
deleteCourse(courseId) {
return apiClient.delete("courses/" + courseId);
},
};

I don't know why your setting headers many times if you use cors() module you don't have to set header again
var corsOptions = {
origin: 'http://localhost:8081',
}
app.use(cors(corsOptions));
app.options('*', cors());
This route is enough and use as middleware for certain routes And at last, only fetch from http://localhost:8081 don't fetch from any random chrome dev console which will violent cors policy as you setting a specific port and domain as localhost:8081 and please check that you using 127.0.0.1:8081 if so it will again throw an error
only use http://localhost:8081
If you use 127.0.0.1 will not work cause the host don't match
Hope this will help with your problem

You have a custom header in your request:
"X-Requested-With": "XMLHttpRequest",
Either you need to remove it from request header or you need to support it in your server response header by setting it in 'Access-Control-Allow-Headers' :
if you think there might be more custom headers simply set it to *
res.setHeader('Access-Control-Allow-Headers', '*');
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

Related

req.body returning empty object when sending POST request from client side javascript

This post is hidden. You deleted this post 1 min ago.
Hi their are many questions related to the same topic but none of them solved my problem thats why asking new question
What I wanted to do is to send POST request from client side javascript to the Backend NodeJs
Client Side JS
const verifyOtp = async (otp) => {
const res = await fetch("http://127.0.0.1:3000/api/otpVerify", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ otp: otp.value }),
});
const data = await res.json();
console.log(data);
}
Backend Node js
const verifyOtp = router.post("/api/otpVerify", (req, res, next) => {
const otp = req.body;
console.log("Otp recieved: ", otp);
console.log("Actual Otp: ", req.session.otp);
if (otp == req.session.otp) {
return res.json({ isVerified: true });
}
return res.json({ isVerified: false });
});
App.js File
const express = require("express");
const bodyParser = require("body-parser");
const path = require("path");
const session = require("express-session");
const app = express();
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
app.use(
session({ secret: "cezisbest", resave: false, saveUninitialized: false })
);
app.use(express.static(path.join(__dirname + "public")));
app.set("view engine", "ejs");
app.set("views", "views");
app.use((req, res, next) => {
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Methods", "GET, POST");
res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization");
res.setHeader(
"Access-Control-Allow-Headers",
"Content-Type, application/json"
);
next();
});
app.use("/api", userRoutes);
app.listen(process.env.PORT);
what I am getting Backend Node js file is an empty object Please help me with this error
opt.value is having a value which it is getting from frontend
in client side JS
on browser chrome it is displaying an object
{isVerified:false}
because the backend is unable to get data
Please help me with this issue
You are not setting the req.session.otp value before calling /api/otpVerify. What is the reason you are using req.session?
req.session is basically gets cookies related information
Refer this:
Cannot access req.session variables in Express/NodeJS

The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is include

I have been trying to make a MERN stack project,and I was learning about sockets,but I am encountering this error when I try to use sockets:
Access to XMLHttpRequest at 'http://localhost:5000/socket.io/?EIO=3&transport=polling&t=O6F3vrY' from origin 'http://localhost:8000' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
I have read many stackoverflow answers and tried to use their code,but the error is not getting fixed anyhow.
I am pasting my files here, please help me out!
index.js file
const cors = require("cors");
const express = require('express');
const cookieParser = require('cookie-parser');
const app = express();
const port = 8000;
const expressLayouts = require('express-ejs-layouts');
const db = require('./config/mongoose');
// used for session cookie
const session = require('express-session');
const passport = require('passport');
const passportLocal = require('./config/passport-local-strategy');
const passportJWT = require('./config/passport-jwt-strategy');
const passportGoogle = require('./config/passport-google-oauth2-strategy');
const MongoStore = require('connect-mongo')(session);
const sassMiddleware = require('node-sass-middleware');
const flash = require('connect-flash');
const customMware = require('./config/middleware');
app.use(cors({ credentials: true, origin: 'http://localhost:8000' }));
app.use(function (req, res, next) {
res.header("Access-Control-Allow-Origin", req.header('Origin'));
res.header("Access-Control-Allow-Credentials", true);
res.header(
"Access-Control-Allow-Headers",
"Origin, X-Requested-With, Content-Type, Accept"
);
res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS, PUT, DELETE");
next();
});
// setup the chat server to be used with socket.io
const chatServer = require('http').Server(app);
const chatSockets = require('./config/chat_sockets').chatSockets(chatServer);
chatServer.listen(5000);
console.log('chat server is listening on port 5000');
app.use(sassMiddleware({
src: './assets/scss',
dest: './assets/css',
debug: true,
outputStyle: 'extended',
prefix: '/css'
}));
app.use(express.urlencoded());
app.use(cookieParser());
app.use(express.static('./assets'));
// make the uploads path available to the browser
app.use('/uploads', express.static(__dirname + '/uploads'));
app.use(expressLayouts);
// extract style and scripts from sub pages into the layout
app.set('layout extractStyles', true);
app.set('layout extractScripts', true);
// set up the view engine
app.set('view engine', 'ejs');
app.set('views', './views');
// mongo store is used to store the session cookie in the db
app.use(session({
name: 'codeial',
// TODO change the secret before deployment in production mode
secret: 'blahsomething',
saveUninitialized: false,
resave: false,
cookie: {
maxAge: (1000 * 60 * 100)
},
store: new MongoStore(
{
mongooseConnection: db,
autoRemove: 'disabled'
},
function (err) {
console.log(err || 'connect-mongodb setup ok');
}
)
}));
app.use(passport.initialize());
app.use(passport.session());
app.use(passport.setAuthenticatedUser);
app.use(flash());
app.use(customMware.setFlash);
// use express router
app.use('/', require('./routes'));
app.listen(port, function (err) {
if (err) {
console.log(`Error in running the server: ${err}`);
}
console.log(`Server is running on port: ${port}`);
});
chat-sockets.js in config folder
module.exports.chatSockets = function (socketServer) {
let io = require('socket.io')(socketServer,{
cors:{
origin:"http://localhost:8000"
}
});
io.sockets.on('connection', function (socket) {
console.log('new connection received', socket.id);
socket.on('disconnect', function () {
console.log('socket disconnected!');
});
});
}
chat-engine.js in assets/js
class ChatEngine {
constructor(chatBoxId, userEmail) {
this.chatBox = $(`#${chatBoxId}`);
this.userEmail = userEmail;
this.socket = io.connect('http://localhost:5000');
if (this.userEmail) {
this.connectionHandler();
}
}
connectionHandler() {
this.socket.on('connect', function () {
console.log('connection established using sockets...!');
});
}
}
Any help is sincerely appreciated.

GET,HEAD response when making a passport Oauth github request

I keep getting
GET, HEAD
response, when authenticating github user. This application is using express, and react.
I tried many solutions when it comes to blocked by cors, and although some solutions that may work for some developers. None has work for me
for example a solution from another post, does not work.
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
next();
});
Api call
router.get('/auth/github', passport.authenticate('github', { session: true, scope: ['profile'] }) );
router.get('/auth/github/callback',
passport.authenticate('github', { failureRedirect: '/' }),
function(req, res) {
// Successful authentication, redirect home.
var token = jwt.sign({ id: req.user.id}, 'nodeauthsecret');
res.cookie("jwt", token, { expires: new Date(Date.now() + 10*1000*60*60*24)});
res.redirect('http://127.0.0.1:8001/dashboard');
console.log(token)
console.log('this works');
});
app.js (express setup)
var express = require('express');
var app = express();
var userRoute = require('./routes/users');
var postRoute = require('./routes/posts');
var bodyParser = require('body-parser');
var logger = require('morgan');
var models = require('./models');
var User = require('./models/user');
var session = require('express-session');
var cookieParser = require('cookie-parser') ;
var cookieSession = require('cookie-session');
var dotenv = require('dotenv');
var env = dotenv.config();
var cors = require('cors');
const port = process.env.PORT || 8000;
const passport = require('passport');
const path = require('path');
const allowOrigin = process.env.ALLOW_ORIGIN || '*'
// CORS Middleware
if (!process.env.PORT) {
require('dotenv').config()
}
if (!process.env.PORT) {
console.log('[api][port] 8000 set as default')
console.log('[api][header] Access-Control-Allow-Origin: * set as default')
} else {
console.log('[api][node] Loaded ENV vars from .env file')
console.log(`[api][port] ${process.env.PORT}`)
console.log(`[api][header] Access-Control-Allow-Origin: ${process.env.ALLOW_ORIGIN}`)
}
app.use(logger('dev'));
app.use(express.static(path.join(__dirname, 'public')));
app.use(cookieParser());
app.use(bodyParser());
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(session({
secret : 'nodeauthsecret',
resave: false,
saveUninitialized: true,
}));
// var corsOptions = {
// origin: 'http://example.com',
// optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
// }
app.use(passport.initialize());
app.use(passport.session());
require('./config/passport')(passport);
require('./config/passport-github')(passport);
app.use(function(req, res, next) {
res.locals.user = req.user; // This is the important line
console.log(res.locals.user);
next();
});
app.use((req, res, next) => {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
next();
});
app.use('/api/users', userRoute)
app.use('/api/posts', postRoute )
app.listen(port, () => {
console.log('[api][listen] http://localhost:' + port)
})
Redux action
export const signWithGithub = () => {
return (dispatch) => {
Axios.get('localhost:8000/auth/github', {
headers: {
'content-type': 'application/x-www-form-urlencoded',
'Access-Control-Allow-Credentials': true
},
crossdomain: true
}).then( (res) => {
console.log(res);
dispatch({type: SIGN_GITHUB});
});
}
}
Home.js
signGithub = () => {
this.props.signWithGithub();
};
...
<a onClick={this.signGithub}>
<Chip
label="Sign In with Github"
clickable
avatar={< Avatar alt = "Natacha" src = "https://avatars0.githubusercontent.com/u/9919?s=280&v=4" />}
component="a"
className={classes.chip}/>
</a>

how to remove cors error while using ajax request?

I am trying to make session using express-session with passport in cross domain .I take help of following links
Sending credentials with cross-domain posts?
Passport js fails to maintain session in cross-domain
**I am getting below error**
Failed to load http://localhost:5000/users/login: Response to
preflight request doesn't pass access control check: The value of the
'Access-Control-Allow-Origin' header in the response must not be the
wildcard '*' when the request's credentials mode is 'include'. Origin
'http://localhost:3000' is therefore not allowed access. The
credentials mode of requests initiated by the XMLHttpRequest is
controlled by the withCredentials attribute.
here is my whole code
https://github.com/naveennsit/Cors
client index.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<link href="style/style.css" rel="stylesheet" type="text/css"/>
<script src="../node_modules/jquery/dist/jquery.js"></script>
<script src="jquery.js"></script>
</head>
<body>
<script>
$(function () {
$.ajax({
url: 'http://localhost:5000/users/login',
type: "POST",
contentType: "application/json; charset=utf-8",
data: JSON.stringify({id: 5}),
dataType: 'json',
xhrFields: {
withCredentials: true,
},
crossDomain: true,
success: function () {
console.log('success');
},
error: function () {
console.log('error')
}
});
})
</script>
</body>
</html>
server code
server.js
var app = require('./app');
const PORT = process.env.PORT || 5000;
app.listen(PORT, () => {
console.log(`app is running on ${PORT}`);
})
app.js
const express = require('express');
const bodyParser = require('body-parser');
const cookieParser = require('cookie-parser');
const path = require('path');
const morgan = require('morgan');
const cors = require('cors');
const session = require('express-session');
const passport = require('passport');
const app = express();
// Middleware
app.use(bodyParser.urlencoded({extended: false}));
app.use(bodyParser.json());
app.use(morgan('dev'));
app.use(cookieParser());
app.use(cors());
app.use(cookieParser());
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, authorization");
res.header("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
next();
});
app.use(session({
secret: 'secret',
resave: false,
domain: '.localhost:3000',
saveUninitialized: false,
cookie: {
domain: '.localhost:3000',
maxAge: 24 * 6 * 60 * 10000
},
}))
app.use(passport.initialize());
app.use(passport.session());
//Routes
app.use('/users', require('./routes/user.route'))
module.exports = app;
controller.js
const passport = require('passport');
const passportConfig = require('../passport')
module.exports = {
login: async (req, res, next) => {
console.log(req.body);
try {
req.login(req.body.id, function () {
res.json({message: "Registration successfully"});
})
} catch (e) {
console.log(e)
}
},
}
passport.js
const passport = require('passport');
passport.serializeUser(function(id, done) {
console.log('ddd');
// console.log(user);
done(null, id);
});
passport.deserializeUser(function(id, done) {
console.log('deserializeUser');
done(null, id);
// db.User.findById(id, function (err, user) {
// done(err, user);
// });
});
routes
const express = require('express');
const router = require('express-promise-router')();
const controller = require('../controllers/user.controller');
router.route('/login',)
.post(controller.login)
module.exports = router;
I want to add session in cross-domain.I already apply cors plugin still getting same error
The easiest way is to use the node.js package cors. The simplest usage is:
var cors = require('cors')
var app = express();
app.use(cors());
When using withCredentials: true in ajax, cors need to configure as below.
app.use(cors({origin: 'http://localhost:3000', credentials: true}));
You are almost there to solve it. You need to send actually allowed host in Access-Control-Allow-Origin header value and not *
If you want to allow for all origins, then you can include req.headers.origin for Access-Control-Allow-Origin header value in your CORS middleware:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", req.headers.origin);
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, authorization");
res.header("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
next();
});

Unable to receive data from clients ajax POST request through rest API

I have built few rest API on server and calling them from other domain the Get request is working fine but I am facing an issue in calling the POST request.
I am unable to receive data on server send by the clients.
Server Code:
var express = require('express');
var routes = require('./routes');
var user = require('./routes/user');
var http = require('http');
var path = require('path');
//var fn = require('fn')
var app = express();
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');
// intercept OPTIONS method
if ('OPTIONS' === req.method) {
res.send(200);
}
else {
next();
}
};
// all environments
app.set('port', process.env.PORT || 3000);
app.use(allowCrossDomain);
// development only
if ('development' == app.get('env')) {
app.use(express.errorHandler());
}
app.post('/user', user.saveUser);
http.createServer(app).listen(app.get('port'), function(){
console.log('Express server listening on port ' + app.get('port'));
});
exports.saveUser = function(req, res) {
var key = req.body.key; //fb,twitter,web
var userData = req.body.userData;
var result = checkUser(userData,key);
}
Clients code where the request is made :
var data = { key: 'web', userData: userData }
$.ajax({
method: "POST",
//contentType: 'application/json',
url: "www.acbd.com/user",
//url:"http://prayable-21641.onmodulus.net/user",
data: data,
crossDomain: true,
dataType: "json"
}).success(function (data, textstatus) {
// this callback will be called asynchronously
// when the response is available
console.log(data)
console.log(textstatus)
}).error(function (data, textstatus) {
console.log(data)
console.log(textstatus)
// called asynchronously if an error occurs
// or server returns response with an error status.
});
I am unable to get key or userData on server, it say they are not defined:
TypeError: Cannot read property 'key' of undefined
You forgot to require and use the body-parser middleware module.
And also, why is content-type commented out? You need it
Server code should look like this:
var express = require('express');
var routes = require('./routes');
var user = require('./routes/user');
var http = require('http');
var path = require('path');
//var fn = require('fn')
//requiring body-parser
var bodyParser = require('body-parser');
var app = express();
var allowCrossDomain = function(req, res, next) {
res.header('Access-Control-Allow-Origin', '*');
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');
// intercept OPTIONS method
if ('OPTIONS' === req.method) {
res.send(200);
}
else {
next();
}
};
// all environments
app.set('port', process.env.PORT || 3000);
app.use(allowCrossDomain);
// development only
if ('development' == app.get('env')) {
app.use(express.errorHandler());
}
// using body-parser
app.use(bodyParser());
app.post('/user', user.saveUser);
http.createServer(app).listen(app.get('port'), function(){
console.log('Express server listening on port ' + app.get('port'));
});
also, don't forget to npm install it:
npm install body-parser
//REquire the body parser, make sure you install it using
npm install body-parser
var bodyParser = require('body-parser');
and then use it
app.use(bodyParser.json());
app.use(bodyParser.urlencoded());
Hope that helps

Categories