I have:const express = require('express') const cors = require('cors') const app = express() .... const corsOptions = { 'origin': true, 'credentials': true, } app.use(cors(corsOptions)) // the rest of the routes... This got everything set up for when the API was running on one port, and the SPA on another. Generally separate ports do raise CORS errors in Chrome, but then everything was fine when I implemented the above, which was awesome. According to the docs that sets all the appropriate headers, and it was working. No more complaints from Chrome in the console. So it came time to deploy. API is up on Heroku no problem. When I go to update the SPA locally, it can't interact with the API because of CORS! The headers are now unreliable. I even tried setting them manually. But somehow now that half of this thing is live everything has changed.POSTS get No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3001' is therefore not allowed access. The response had HTTP status code 503. And in dev tools Network sure enough they are not there. Gets seem to work, but I'm only seeing the credential header, not the origin one, which is supposed to set it to request url, and did during dev when everything was local (though still separate).What am I missing here? How come this works port to port, which counts as different origins, but not local to remote, and what is breaking and how can I fix?
Submitted April 24, 2017 at 07:51PM by L000
No comments:
Post a Comment