-1

I want to get my data using using express. Here's the code:

const express = require('express');
const app = express();
const cors = require('cors');
require('dotenv/config');

// Middlewares
app.use(cors());
app.use(express.json());

// Routes
const postRouter = require('./routes/posts');
app.use('/posts', postRouter);

// Mongoose connect
const mongoose = require('mongoose');
mongoose.connect(
    process.env.DB_CONNECTION,
    { useNewUrlParser: true },
    () => console.log("You are connected to MongoDB")
);

// Port listen
app.listen(2998);

These node+express code works perfect using Postman.

But it always show CORS error when im fetching using javascript. Here's the JS code:

let url = "https://localhost:2998/posts/"
    fetch(url)
    .then(result => {
        console.log(result);    
    })
    .then(data => {
        console.log("data: " + data)
    });

And the console says:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://localhost:2998/posts/. (Reason: CORS request did not succeed).

. . . . .

SOLVED ! It just can't run the https protocol, so i need to change it to http://localhost/2998. Still, I don't know why it happen to be like that

lzadhito
  • 25
  • 4
  • your localhost is using https protocol? – Rajan Sharma Jul 26 '19 at 09:45
  • yes, is there any issue with https? im new to this anyway hehe – lzadhito Jul 26 '19 at 09:54
  • No, just cross verifying things,try this out if it helps https://stackoverflow.com/questions/18310394/no-access-control-allow-origin-node-apache-port-issue – Rajan Sharma Jul 26 '19 at 09:58
  • "SOLVED ! It just can't run the https protocol" — This makes no sense at all since you said it worked when you used postman. Unless you changed the URL you were using when you switched to JS … which is pretty damn significant! – Quentin Jul 26 '19 at 12:03

1 Answers1

-1

I believe you did not set the CORS options. Please try the following:

const express = require('express');
const app = express();
const cors = require('cors');
require('dotenv/config');

// CORS Options: But customise according to your needs
const options = {
    allowedHeaders: ["Origin", "Content-Type", "Accept", "Authorization"],
    methods: "GET,HEAD,OPTIONS,PUT,PATCH,POST,DELETE",
    origin: "*",
    preflightContinue: false
};

// Middlewares
app.use(cors(options));
app.use(express.json());

// Routes
const postRouter = require('./routes/posts');
app.use('/posts', postRouter);

// Mongoose connect
const mongoose = require('mongoose');
mongoose.connect(
    process.env.DB_CONNECTION,
    { useNewUrlParser: true },
    () => console.log("You are connected to MongoDB")
);

// Port listen
app.listen(2998);
Sagar Chilukuri
  • 1,430
  • 2
  • 17
  • 29
  • "allowedHeaders" — They aren't sending custom versions of any of those. This isn't needed. – Quentin Jul 26 '19 at 10:08
  • "credentials" — They aren't sending credentials. This isn't needed. – Quentin Jul 26 '19 at 10:09
  • "methods" — They are making a GET request, that is allowed by default. This isn't needed. – Quentin Jul 26 '19 at 10:09
  • "origin" — That's the default. You don't need to specify it explicitly. – Quentin Jul 26 '19 at 10:09
  • 1
    Well, I said, customise `as you need it.` Pasted my code. Not a bad option, if you need to restrict headers too. I dont understand the downvote. – Sagar Chilukuri Jul 26 '19 at 10:10
  • "preflightContinue" — I don't see why it would be useful to pass the preflight request on to the next handler here. – Quentin Jul 26 '19 at 10:10
  • "Well, I said, customise as you need it" — They don't need to customise it **at all**. The defaults for everything should be fine. – Quentin Jul 26 '19 at 10:10
  • 1
    StackOverFlow is a knowledge sharing platform, and when an answer is posted, it doesn't have to be for the exact problem. It is meant to encourage the person asking questions `help` solve the problem. So, point being, having `allowedHeaders` or `credentials` is not wrong, just because the OP doesn't need it. It might help someone else stumbling here. – Sagar Chilukuri Jul 26 '19 at 10:16
  • Thank you for the answer @SagarCh. It solved by not using https protocol, however I think I'm going to use the options code for later, Thanks :) – lzadhito Jul 26 '19 at 10:36