node.js - Node Express Mongoose MongoDB CORS failure -
i using node/express/mongoose/mongodb on debian vps webserver reason online cors request not firing. let me works on local server.
when upload debian vps webserver cors request never goes through. know because debug logs never fire. mongodb server running , node/express server running. have npm reinstalled express/mongoose , cors addon many times , not think it's issue those...
i have tested things on server curl -h w/ -origin flags. responses return correctly in console. leads me believe cors requests being blocked somehow (maybe browsers??) , express servers never reached. have tried starting browsers no security flags no avail also... 1 strange fact when responses return w/ curl, list different origins though specify 1 origin flag. confusing...
i have tried changing access-origins many different times , ways. have tried allowing of them. have tried allowing ones specific requests... have tried using apache2 header mod , using .htaccess file allow cors. have tried php header no avail.
url: www.kensnote.com browser error responses follows:
chromium-browser: "failed load resource" firefox: cross-origin request blocked: same origin policy disallows reading remote resource @ http://localhost:10005/threadpreview. (reason: cors request failed).
firefox firebug request headers:
accept application/json, text/javascript, /; q=0.01 accept-encoding gzip, deflate accept-language en-us,en;q=0.5 cache-control max-age=0 connection keep-alive dnt 1 host localhost:10005 if-none-match w/"ssuy2l+up13mcm2lisgptq==" origin
http://www.kensnote.com referer http://www.kensnote.com/ user-agent mozilla/5.0 (x11; linux i686; rv:39.0) gecko/20100101 firefox/39.0
in browser implementing cors, each cross-origin or post request preceded options request checks whether or post ok.
basically, cors, firefox send preflight options check before real request. in server code, should send ok response options
request. check following example code can used in route (or middleware):
res.header("access-control-allow-headers", "authorization, origin, x-requested-with, content-type, accept"); res.header("access-control-allow-methods", "patch, post, get, put, delete, options"); if ('options' === req.method) { return res.send(200); }
Comments
Post a Comment