0

I have a REST API running on Node JS with Express.

I keep having issues with CORS because the front end is HTTPS and the backend API is HTTPS which frequently, but not always gets reported as a violation.

I am trying to secure the API with a Let's Encrypt cert but I seem to be missing something.

Here is the code that initializes the express server:

require('dotenv').config();

const https = require("https"),
fs = require("fs");

const app = require("./src/app");

const port = process.env.PORT || 8000;

https
.createServer(
    {
        key: fs.readFileSync('/etc/letsencrypt/live/myserver.com/privkey.pem', 'utf8'),
        cert: fs.readFileSync('/etc/letsencrypt/live/myserver.com/fullchain.pem', 'utf8')
    },
    app
 )
 .listen(8000, function() {
     console.log('HTTPS listening on PORT 8000');
 });

Is there another approach? Or am I just doing it wrong?

CURL still works on HTTP which surprises me. There shouldn't be an HTTP server listening on 8000. GET calls work without the SSL configuration but POSTs always fail.

All the APIs work locally, it's just when I push it to production that it fails. But then, locally, it's not running HTTPS so there is no violation.

I haven't seen posts that address this specifically so I have to wonder what I'm missing. This has to be a common scenario.

Thanks for any help.

Tex Evans
  • 47
  • 1
  • 8

1 Answers1

0

Try either of these solutions, whatever suits you:

 import * as Cors from 'cors';

 const cors = Cors( { origin: true } );

 app.use( cors );

var cors = require('cors');

var app = express();

app.use(cors());
HellaSpace
  • 91
  • 5
  • Thanks for the reply. I have cors defined on the app.js page that is imported. Do you think it's not coming over? – Tex Evans Nov 23 '21 at 16:49