CORS
Pierre Besson edited this page Dec 3, 2015 · 7 revisions
A cross-origin policy can be used to perform AJAX requests to another origin. It is well explained in this article on Mozilla Developer Network - CORS. Here is a doc on what an origin is: MDN - Origin.
- The server needs to send a header to perform the request:
- The server also needs to state which response headers the client is allowed to read, with the header:
`Access-Control-Expose-Headers: ETag`
In IE they use `XDomainRequest`, which does not send cookies as `XMLHttpRequest` does (MSDN).
In order to include cookies as part of the request, you need to set the `XMLHttpRequest`'s `withCredentials` property to true.
The server must also enable credentials by setting the `Access-Control-Allow-Credentials` response header to `true` and the `Access-Control-Allow-Origin` header to the origin of the request. Browsers do not accept the wildcard `*` for a request sent with credentials.
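```javascript
const express = require('express');
const app = express();

// CORS middleware: adds the CORS response headers to every response
const allowCrossDomain = (req, res, next) => {
  // '*' allows any origin; browsers reject it for requests sent with credentials
  res.header('Access-Control-Allow-Origin', '*');
  // Request headers and methods the client may use in the actual request
  res.header('Access-Control-Allow-Headers', 'X-Requested-With,Content-Type');
  res.header('Access-Control-Allow-Methods', 'POST,PUT,GET,OPTIONS,DELETE');
  res.header('Content-Type', 'application/json');
  next();
};
app.use(allowCrossDomain);
```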
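A credentialed variant of the middleware above, as an added example that is not part of the original wiki page: it echoes the request's `Origin` only when it is on an allow-list, sets `Access-Control-Allow-Credentials`, and answers preflight requests. The allow-list entries and the names `ALLOWED_ORIGINS`, `corsHeaders` and `credentialedCors` are assumptions.

```javascript
// Constructed allow-list (assumption): the origins your front ends are served from.
const ALLOWED_ORIGINS = new Set(['https://app.example.com', 'http://localhost:9000']);

// Compute the CORS response headers for the value of a request's Origin header.
function corsHeaders(origin) {
  // The response differs per origin, so shared caches must key on Origin.
  const headers = { 'Vary': 'Origin' };
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    return headers; // no grant: the browser blocks the cross-origin read
  }
  // Exact origin, never '*': the wildcard is rejected for credentialed requests.
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  headers['Access-Control-Expose-Headers'] = 'ETag';
  return headers;
}

// Express-style middleware; it uses only Node's req/res API, which Express extends.
const credentialedCors = (req, res, next) => {
  const headers = corsHeaders(req.headers.origin);
  const isPreflight = req.method === 'OPTIONS' &&
    Boolean(req.headers['access-control-request-method']);
  if (isPreflight && headers['Access-Control-Allow-Origin']) {
    // Same method and header lists as the wildcard middleware on this page.
    headers['Access-Control-Allow-Methods'] = 'POST,PUT,GET,OPTIONS,DELETE';
    headers['Access-Control-Allow-Headers'] = 'X-Requested-With,Content-Type';
  }
  for (const [name, value] of Object.entries(headers)) {
    res.setHeader(name, value);
  }
  if (isPreflight) {
    res.statusCode = 204; // a preflight carries no body and never reaches the routes
    return res.end();
  }
  next();
};
```

Register it with `app.use(credentialedCors)` in place of `allowCrossDomain` when the client sets `withCredentials`.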