admin管理员组

文章数量:1415673

I am trying to send a cookie after login via ajax from localhost to a server hosted somewhere else. TO counter the error related to cookies, I use in my axios: 

var instance = axios.create({ 
   withCredentials: true
});

and in expressjs I have this: 

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  next();
});

So, I am getting this error now

Failed to load : Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:8080' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

How can I tell express to whitelist my domain or how do I just send back the cookie so I can stay logged in?

To add more info, when I make a post (login) request to the expressjs, it returns a cookie, now my browser does not send the cookie by iself, so that is why I am usiing withCredentials

I am trying to send a cookie after login via ajax from localhost to a server hosted somewhere else. TO counter the error related to cookies, I use in my axios: 

var instance = axios.create({ 
   withCredentials: true
});

and in expressjs I have this: 

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  next();
});

So, I am getting this error now

Failed to load https://foo.herokuapp./login: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:8080' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

How can I tell express to whitelist my domain or how do I just send back the cookie so I can stay logged in?

To add more info, when I make a post (login) request to the expressjs, it returns a cookie, now my browser does not send the cookie by iself, so that is why I am usiing withCredentials

  • javascript
  • node.js
  • express
  • cookies
  • axios
Share Improve this question asked Sep 13, 2017 at 12:51 n102866n102866 511 silver badge4 bronze badges
Add a ment  | 

1 Answer 1

Reset to default 3

You replace the * with the origin (http://localhost:8080 in your example).

本文标签: javascripthow to allow cors for specific domain on expressStack Overflow

版权声明:本文标题:javascript - how to allow cors for specific domain on express - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745207046a2647688.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。