Ad

CORS Bug Node Js And Fetch

- 1 answer

I'm trying to use the browsers native fetch with node Express crossdomain and I'm running into some strange behaviour. I have a frontend server running on port 4000 and the server on port 5000. I configured the CORS for express like this. (Tried with the CORS lib, it didn't work as well)

app.use(function (req, res, next) {

    res.header("Access-Control-Allow-Origin", "*");
    res.header("Access-Control-Allow-Methods", "GET, POST, PUT, PATCH, DELETE, OPTIONS");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    res.header("Access-Control-Allow-Credentials", 'true');

    if (req.method === "OPTIONS") {
        res.status(200).send()
    } else {
        next();
    }

});

So I'm trying to fetch the result with the following code:

export default {
    getUserInfo: (callback) => {
        let getUser = new Promise((resolve, reject) => {

            fetch('//localhost:5000/account/users/me', {
                credentials: "include",
            })
                .then((response) => {
                    if (response.status == 200) {
                        user = response.json();
                        resolve();
                    } else {
                        reject()
                    }
                })
        })
        return getUser;
    },
    login: (data) => {

    }
}

As soon as I put credentials on "include" I get a CORS error. But the CORS headers seem to be working:

Image of CORS in chrome

Ad

Answer

As it turns out you can not do a wildcard with credentials. You need to specify the URL's you want to give access.

Ad
source: stackoverflow.com
Ad