How to enable cross-origin resource sharing (CORS) in the express.js framework on node.js
Check out the example from enable-cors.org:
In your ExpressJS app on node.js, do the following with your routes:
app.all('/', function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next(); });app.get('/', function(req, res, next) { // Handle the get for this route});app.post('/', function(req, res, next) { // Handle the post for this route});
The first call (app.all
) should be made before all the other routes in your app (or at least the ones you want to be CORS enabled).
[Edit]
If you want the headers to show up for static files as well, try this (make sure it's before the call to use(express.static())
:
app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next();});
I tested this with your code, and got the headers on assets from the public
directory:
var express = require('express') , app = express.createServer();app.configure(function () { app.use(express.methodOverride()); app.use(express.bodyParser()); app.use(function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next(); }); app.use(app.router);});app.configure('development', function () { app.use(express.static(__dirname + '/public')); app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));});app.configure('production', function () { app.use(express.static(__dirname + '/public')); app.use(express.errorHandler());});app.listen(8888);console.log('express running at http://localhost:%d', 8888);
You could, of course, package the function up into a module so you can do something like
// cors.jsmodule.exports = function() { return function(req, res, next) { res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "X-Requested-With"); next(); };}// server.jscors = require('./cors');app.use(cors());
Following @Michelle Tilley solution, apparently it didn't work for me at first. Not sure why, maybe I am using chrome and different version of node. After did some minor tweaks, it is working for me now.
app.all('*', function(req, res, next) { res.header('Access-Control-Allow-Origin', '*'); res.header('Access-Control-Allow-Methods', 'PUT, GET, POST, DELETE, OPTIONS'); res.header('Access-Control-Allow-Headers', 'Content-Type'); next();});
In case someone facing similar issue as mine, this might be helpful.