admin管理员组

文章数量:1323723

My Node.js server code is running on an AWS instance. It looks like this:

var express = require('express');
var http = require('http');
var bodyParser = require('body-parser');
var logger = require('morgan');
var cors = require('cors');
var SuperLogin = require('superlogin');
 
var app = express();
app.set('port', process.env.PORT || 3000);
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cors());
 
app.use(function(req, res, next) {
   res.header("Access-Control-Allow-Origin", "*");
   res.header('Access-Control-Allow-Methods', 'DELETE, PUT');
   res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
   next();
});
 
var config = {
  dbServer: {
    protocol: 'http://',
    host: 'localhost:5984',
    user: '',
    password: '',
    userDB: 'sl-users',
    couchAuthDB: '_users'
  },
  mailer: {
    fromEmail: '[email protected]',
    options: {
      service: 'Gmail',
        auth: {
          user: '[email protected]',
          pass: 'userpass'
        }
    }
  },
  security: {
    maxFailedLogins: 3,
    lockoutTime: 600,
    tokenLife: 86400,
    loginOnRegistration: true,
  },
  userDBs: {
    defaultDBs: {
      private: ['supertest']
    }
  },
  providers: { 
    local: true
  }
}
 
// Initialize SuperLogin 
var superlogin = new SuperLogin(config);
 
// Mount SuperLogin's routes to our app 
app.use('/auth', superlogin.router);
 
app.listen(app.get('port'));
console.log("App listening on " + app.get('port'));

My Node.js server code is running on an AWS instance. It looks like this:

var express = require('express');
var http = require('http');
var bodyParser = require('body-parser');
var logger = require('morgan');
var cors = require('cors');
var SuperLogin = require('superlogin');
 
var app = express();
app.set('port', process.env.PORT || 3000);
app.use(logger('dev'));
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cors());
 
app.use(function(req, res, next) {
   res.header("Access-Control-Allow-Origin", "*");
   res.header('Access-Control-Allow-Methods', 'DELETE, PUT');
   res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
   next();
});
 
var config = {
  dbServer: {
    protocol: 'http://',
    host: 'localhost:5984',
    user: '',
    password: '',
    userDB: 'sl-users',
    couchAuthDB: '_users'
  },
  mailer: {
    fromEmail: '[email protected]',
    options: {
      service: 'Gmail',
        auth: {
          user: '[email protected]',
          pass: 'userpass'
        }
    }
  },
  security: {
    maxFailedLogins: 3,
    lockoutTime: 600,
    tokenLife: 86400,
    loginOnRegistration: true,
  },
  userDBs: {
    defaultDBs: {
      private: ['supertest']
    }
  },
  providers: { 
    local: true
  }
}
 
// Initialize SuperLogin 
var superlogin = new SuperLogin(config);
 
// Mount SuperLogin's routes to our app 
app.use('/auth', superlogin.router);
 
app.listen(app.get('port'));
console.log("App listening on " + app.get('port'));

I am using an ionic 2 App that makes PUT calls to the Node.js server running on port 3000. When running the App in the browser on my laptop (using ionic serve) the PUT call gives the CORS error:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading 
the remote resource at http://ec2-xx-xxx-xx-4xx.eu-central-1.pute.amazonaws./auth/login. 
(Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

As far as I can tell the server code is setup to allow all origins but I am getting this error nonetheless.

Share Improve this question asked Jan 21, 2017 at 21:00 Bill NobleBill Noble 6,73420 gold badges77 silver badges136 bronze badges 3
  • have you tried to add OPTIONS to Access-Control-Allow-Methods? Have a look at developer.mozilla/en-US/docs/Web/HTTP/… – Johannes Merz Commented Jan 21, 2017 at 21:28
  • Using PUT will trigger the browser to preflight the PUT request with an OPTIONS request. So, you will have to support the OPTIONS request in your server in addition to the PUT request and return the appropriate info when you get the OPTIONS request. Note: certain other conditions on a request can also trigger a preflight with OPTIONS so it's generally a good idea to always support it if you want CORS to work. – jfriend00 Commented Jan 21, 2017 at 21:34
  • I am not sure how to add handling of OPTIONS. The code I am using is an existing node package. – Bill Noble Commented Jan 21, 2017 at 21:39
Add a ment  | 

1 Answer 1

Reset to default 6

This is because the preflight is triggered, which means that an OPTIONS request will arrive at your server. This is well explained at this description by MDN as pointed out by @johannes merz in the ments to your question.

You can instruct your server to accept it by rep something like this:

app.use(function(req, res, next) {
   res.header("Access-Control-Allow-Origin", "*");
   res.header('Access-Control-Allow-Methods', 'DELETE, PUT');
   res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
   if ('OPTIONS' == req.method) {
      res.sendStatus(200);
    }
    else {
      next();
    }});

本文标签: javascriptNodejs server gives CrossOrigin Request BlockedStack Overflow