-1

I have found a lot of information about the CORS policy problem, but nothing worked even when I have tried every solution I found here.

My last attempt was this in the nodejs server:

var express = require('express');
var app = express();

var spawn = require('child_process').spawn;
var fs = require('fs');

app.use(express.static('public'));

const server = require('https').createServer({
    key: fs.readFileSync('/home/example/ssl/keys/c231f_0ca89_7b80bf6d84934d212df326eee9c6319f.key'),
    cert: fs.readFileSync('/home/example/ssl/certs/streaming_desytec_com_c231f_0ca89_1609334228_a73b63988075270c9f680f383b6e6a99.crt')
}, app);

var io = require('socket.io')(server);
io.set('origins', 'https://localhost:44356');

Despite my effort to solve this, I always get this error in the socket.io client:

Access to XMLHttpRequest at 'https://streaming.example.com/socket.io/?framespersecond=15&audioBitrate=22050&EIO=3&transport=polling&t=NJbfyAD' from origin 'https://localhost:44356' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How can I really solve this?

My website is in localhost and the nodejs server is running on a linux server remotely.

EDIT: I have this last attempt:

var cors = require('cors')

var corsOptions = {
  origin: 'https://localhost:44356',
  optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
}

app.use(cors());
app.get('/socket.io/', cors(corsOptions), function (req, res, next) {
  res.json({msg: 'This is CORS-enabled for all origins!'})
})

app.use(express.static('public'));

it still does not work. I am wondering if that app.get call I wrote is correct, considering that the URL of the server will be:

/socket.io/?framespersecond=15&audioBitrate=22050&EIO=3&transport=polling&t=NJbfyAD

jstuardo
  • 3,901
  • 14
  • 61
  • 136
  • 1
    The error literally tells you what the problem is: you're trying to access `https://streaming.example.com` from `http://localhost`, so unless you [configured the server](https://github.com/expressjs/cors) that's running as `streaming.example.com` (as far as it knows) to send the `Access-Control-Allow-Origin` header, with a value that allows `localhost` to use its assets, nothing is going to happen here. – Mike 'Pomax' Kamermans Oct 01 '20 at 20:38
  • eeeeehm..... I know the cause, of course, but what I don't know is the solution, I have tried everything in my nodejs server but I don't get that header to be sent – jstuardo Oct 01 '20 at 20:49
  • by the way, I also installed cors module and used app.use(cors()) but no avail. What I did not do was to validate it using `app.get('/products/:id', function (req, res, next) {... I will do it next. – jstuardo Oct 01 '20 at 20:52
  • I have modified the question with the last attemppt using CORS module. – jstuardo Oct 01 '20 at 22:22
  • `app.use(cors())` with what options? And then what are the headers you see in your dev tools "network" tab when you click on the request? – Mike 'Pomax' Kamermans Oct 02 '20 at 01:48

1 Answers1

-1
yourapp.use(
  cors({
    origin: (origin, callback) => callback(null, true),
    credentials: true // if using cookies
  })
);

You can control it based on your environment.

Vahid Alimohamadi
  • 4,900
  • 2
  • 22
  • 37