These are chat archives for codefellows/sea-b15-javascript

29th
Sep 2014
kevin-staiger
@kevin-staiger
Sep 29 2014 21:26
Hey I am going to throw out another question to see if anyone has run into this problem. I have a simple express server that I am running my app on, and when I make a post request to my api I receive an error that says No 'Access-Control-Allow-Origin' header is present on the requested resource, so as far as I understand i am having a CORS problems and need to set up a proxy to route my requests through. I have to tried a number of different ways to no avail, does anyone have an idea on how to go about this?
BrockBeaudry
@BrockBeaudry
Sep 29 2014 22:00
shouldn't need a proxy
kevin-staiger
@kevin-staiger
Sep 29 2014 22:05
oh cool, and you just put this is in your server.js file or your app.js?
BrockBeaudry
@BrockBeaudry
Sep 29 2014 22:06
It goes on the server side. I required it into server.js and passed it to the routes that needed CORS support.
Also, if you're sending a 'complex' request (custom headers or put/delete) you'll need to be sure to enable pre-flight handling in that package. If you're not sure you can check the network tab in chrome when sending a request. The browser will send an OPTIONS request before it executes your POST request.
kevin-staiger
@kevin-staiger
Sep 29 2014 22:16
awesome thanks a lot
Kevin Stephens
@kevinmstephens
Sep 29 2014 22:36
the problem is that your app is not being loaded from the same origin as your API. If your API also served up the html file then the API and the app would have the same origin.
Your api needs to send a header. Access-Control-Allow-Origin: * (* being any origin allowed). If you want only your app with it's origin you can put your origin in place of the *
I wouldn't suggest setting up a proxy if it's an html app. Just setup your api server properly to take CORS requests. You can only specify * or one host at a time. So if you have a whitelist of origins you can check the request origin against your whitelist and send back the origin if it's on the whitelist, or deny the request if it's not
Kevin Stephens
@kevinmstephens
Sep 29 2014 22:41
CORS in yo face!
kevin-staiger
@kevin-staiger
Sep 29 2014 23:01
I have tried to send my header like that and a variety of other ways but I still receive the same error