javascript - CORS 'Allow-Credentials' NodejsExpress - Stack Overflow

admin管理员组

文章数量:1194172

My project is running on Node with an Express backend.

I'm trying to query my Arango database clientside with Arangojs. ArangoDB is running on Docker on Digital Ocean. I have no issues querying my database serverside, however I get the following error on page load:

Failed to load :8529/_db/database/_api/cursor: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is 'false' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:3000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

My code on the clientside js looks like this:

var db = new arangojs.Database({url:':8529'})
db.useDatabase(dbase)
db.useBasicAuth("database", 'password')
db.query('FOR doc IN docs RETURN doc') // etc. etc.

EDIT: 1 year later in hindsight this question is pretty silly - The correct answer for this is don't expose your database credentials through clientside JS... Communicate with your backend, and have that communicate with your datastore.

My project is running on Node with an Express backend.

I'm trying to query my Arango database clientside with Arangojs. ArangoDB is running on Docker on Digital Ocean. I have no issues querying my database serverside, however I get the following error on page load:

Failed to load http://0.0.0.0:8529/_db/database/_api/cursor: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is 'false' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:3000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

My code on the clientside js looks like this:

var db = new arangojs.Database({url:'http://0.0.0.0:8529'})
db.useDatabase(dbase)
db.useBasicAuth("database", 'password')
db.query('FOR doc IN docs RETURN doc') // etc. etc.

EDIT: 1 year later in hindsight this question is pretty silly - The correct answer for this is don't expose your database credentials through clientside JS... Communicate with your backend, and have that communicate with your datastore.

• javascript
• node.js
• express
• cors
• xmlhttprequest

Share Improve this question Follow edited May 11, 2019 at 1:04 asked Mar 9, 2018 at 7:55 user9081620user9081620 8

• 3 My code on the clientside js looks like this:. Really ? you are connecting to db on client side ? – Muhammad Usman Commented Mar 9, 2018 at 7:59
• you should try connecting db from server side I think the problem will be resolved – Saikat Hajra Commented Mar 9, 2018 at 8:00
• 2 one thing to note is that when sending Allow-Credentials true, you can't Allow-Origin * – Jaromanda X Commented Mar 9, 2018 at 8:10
• 1 @jayf93. that's not how this works. you should make a connection to the db on server side and send request for data to the server. – Muhammad Usman Commented Mar 9, 2018 at 8:44
• 1 there you go expressjs.com/en/guide/database-integration.html – Muhammad Usman Commented Mar 9, 2018 at 9:27

 |  Show 3 more comments

2 Answers 2

Sorted by: Reset to default 16

You are configuring cors() wrong, you have to use credentials property in order to configure Access-Control-Allow-Credentials:

var cors = require('cors');
var corsOptions = {
    origin: '*',
    credentials: true };

app.use(cors(corsOptions));

Besides that, your app.all(* ... isnt necessary because app.use(cors(corsOptions)); will already handle it for you.

You must set origin with a "trusted" URL or an array of "trusted" URLs, each with protocol + domain + port when, you configure cors with credentials. origin : '*' is blocked, because using credentials for every origin is too permissive. It is like not using credentials at all.

本文标签： javascriptCORS 39AllowCredentials39 NodejsExpressStack Overflow