Configuring access-control-allow-origin for development environment purposes #295
Comments
|
I don't follow your scenario. Can you describe it in more detail, perhaps a diagram? The |
|
Server: http://localhost:8081 For some reason, the connection fails due to CORS: The "disable_cors" parameter has not been set, thus CORS is enabled. It seems that the issue is in something else. The request doesn't even reach any of the checkpoints where sockjs sets the CORS headers (xhr and eventsource transport). My current workaround was adding a proxy path (http://localhost:8081/ -> http://localhost:8080/) and the CORS issue got resolved when the application was opened at the proxy path. I think it's important to mention that I am using expressjs along with sockjs. It may be the reason for such behaviour, because websocket connections also fail for unknown reason (which is why the application falls back to xhr polling). const server = app.listen(8081); |
|
Using express is fine, there is an example of how to use it even: https://github.com/sockjs/sockjs-node/blob/v0.3/examples/express/server.js |
Imagine a situation, where you are running the service on one port and the frontend dev server on another. It's impossible to use sockjs connections, because it will end up with CORS error (origin differs from the backend server url).
How about enable configuring the default response header for Access-Control-Allow-Origin in middleware.js#L123? If you are worried about the potential of unintended security flaws then add an explicit check to not allow overriding it in production environment.
The text was updated successfully, but these errors were encountered: