I need to set CORS to be enabled on scripts served by express. How can I set the headers in these returned responses for public/assets?
This question is related to
javascript
node.js
express
There is at least one middleware on npm for handling CORS in Express: cors.
@klode's answer is right.
However, you are supposed to set another response header to make your header accessible to others.
Example:
First, you add 'page-size' in response header
response.set('page-size', 20);
Then, all you need to do is expose your header
response.set('Access-Control-Expose-Headers', 'page-size')
service.use(function(req, res, next) {_x000D_
res.header("Access-Control-Allow-Origin", "*");_x000D_
res.header("Access-Control-Allow-Methods", "GET,HEAD,OPTIONS,POST,PUT");_x000D_
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");_x000D_
next();_x000D_
});
_x000D_
Short Answer:
res.setHeaders
- calls the native Node.js method
res.set
- sets headers
res.headers
- an alias to res.set
You can do this by using cors. cors will handle your CORS response
var cors = require('cors')
app.use(cors());
This is so annoying.
Okay if anyone is still having issues or just doesn't want to add another library. All you have to do is place this middle ware line of code before your routes.
Cors Example
app.use((req, res, next) => {
res.append('Access-Control-Allow-Origin', ['*']);
res.append('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.append('Access-Control-Allow-Headers', 'Content-Type');
next();
});
// Express routes
app.get('/api/examples', (req, res)=> {...});
You can also add a middleware to add CORS headers, something like this would work:
/**
* Adds CORS headers to the response
*
* {@link https://en.wikipedia.org/wiki/Cross-origin_resource_sharing}
* {@link http://expressjs.com/en/4x/api.html#res.set}
* @param {object} request the Request object
* @param {object} response the Response object
* @param {function} next function to continue execution
* @returns {void}
* @example
* <code>
* const express = require('express');
* const corsHeaders = require('./middleware/cors-headers');
*
* const app = express();
* app.use(corsHeaders);
* </code>
*/
module.exports = (request, response, next) => {
// http://expressjs.com/en/4x/api.html#res.set
response.set({
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'DELETE,GET,PATCH,POST,PUT',
'Access-Control-Allow-Headers': 'Content-Type,Authorization'
});
// intercept OPTIONS method
if(request.method === 'OPTIONS') {
response.send(200);
} else {
next();
}
};
Source: Stackoverflow.com