1

I am trying to get a web page running on :9000 to make a request to a reverse proxy running in node on :8080 to accept requests as if it was on the same domain. I have learned that a different port == a different domain, thus OPTIONS requests are sent. My server comes back with 401 unauthorized, and angular's http client gets the response with no data, no code with a console error "invalid http status code 401 unauthorized".

I just want the reverse proxy to act as if it was on the same domain and say "OK" to these options requests.

httpete
  • 2,765
  • 26
  • 34

1 Answers1

0

It is the responsibility of the reverse proxy to respond to the OPTIONS request with the expected CORS headers. Can you provide more details on the node reverse proxy. Is it express based ?

These are the headers you need to respond with (your use case may vary but this is what I needed in a recent project):

res.setHeader('Access-Control-Allow-Origin', 'whatever.com:9000');
res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
res.setHeader('Access-Control-Allow-Credentials', true); // you probably dont want this one unless there is auth/cookies involved
res.setHeader('Access-Control-Allow-Methods', 'GET,PATCH,POST,PUT,DELETE');
zayquan
  • 7,544
  • 2
  • 30
  • 39
  • Note also on the angular side, if you want to use the same cookie when you send requests to the reverse proxy, you probably need to investigate the use of the `withCredentials: true` flag, otherwise your cookie wont get added to the requests. – zayquan Aug 29 '15 at 03:53
  • It isn't express based - it's just a tiny javascript file that runs node-http-proxy that sits in front of a spring server. – httpete Aug 29 '15 at 10:57
  • 1
    In that case your http proxy is probably forwarding the HTTP OPTIONS requests to the spring server, and it becomes the responsibility of the spring server to answer the OPTIONS request. You could inspect the logs of both the node-http-proxy (register an event handler for all requests that just writes details to console.log) and the spring server to verify that the CORS requests are being forwarded to the spring server. – zayquan Aug 30 '15 at 06:10