Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Access-Control-Allow-Origin - not possible to host application clients on other hosts

See original GitHub issue

I don’t know if its an issue or a ‘feature’ but in the old version I can do something like: io.set(‘Origin’:‘*’)

The reason to do this is because our application will be hosted on many different hostnames (websites) (origins). And only one server host.

In other words, its not possible to host our application clients on other hosts.

We don’t use express or other modules, to keep it as clean as possible. request_handler = require(‘./request_handler’);

            inspect = require('util').inspect;
            app = require('http').createServer(request_handler.handler);
            io = require('socket.io').listen(app,{
                    'pingTimeout':60000,
                    'transports':['xhr-polling','polling', 'websocket', 'flashsocket'],
                    'pingInterval':25000,
                    'allowUpgrades':true,
                    'cookie':'io'
            });

app.listen(8090);

The error we get is: OPTIONS http://_serverhost__:8090/socket.io/?EIO=2&transport=polling&sid=DWGmxtENtfqN_h1GAAAA No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin 'http://clienthost**’ is therefore not allowed access. v1.js?c=b3f0c7f6bb763af1be91d9e74eabfeb199dc1f1f:5798 XMLHttpRequest cannot load http://serverhost:8090/socket.io/?EIO=2&transport=polling&sid=DWGmxtENtfqN_h1GAAAA. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://**_clienthost****’ is therefore not allowed access.

I removed the original serverhost name and clienthost

Issue Analytics

State:
Created 10 years ago
Comments:11

Top GitHub Comments

6reactions

shades3002commented, Oct 25, 2016

yo lo solvente asi:

npm install cors
var cors = require(‘cors’); 3)app.use(cors());

6reactions

avinashegacommented, Jun 2, 2014

You can host your application on a different host but make sure you server the client socket.io.js from the same host where you are trying to connect to.

for example, my initial client code was this and it was throwing CORS error

<script src="/socket.io/socket.io.js"></script>
var socket = io.connect('http://mydomain.com/');

once I modified it to this, it worked alright.

<script src="http://mydomain.com/socket.io/socket.io.js"></script>
var socket = io.connect('http://mydomain.com/');

And my server code is,

var express = require('express');
var app = express();
app.use(function(req, res, next) {
        res.header("Access-Control-Allow-Origin", "*");
        res.header("Access-Control-Allow-Headers", "X-Requested-With");
        res.header("Access-Control-Allow-Headers", "Content-Type");
        res.header("Access-Control-Allow-Methods", "PUT, GET, POST, DELETE, OPTIONS");
        next();
    });
var server = http.createServer(app);
io = socketio.listen(server, {log:false, origins:'*:*'});
... //io.connect and events below

Top Results From Across the Web

3 Ways to Fix the CORS Error — and How the Access-Control ...

Fix one: install the Allow-Control-Allow-Origin plugin. The quickest fix you can make is to install the moesif CORS extension .

Origin <origin> is not allowed by Access-Control-Allow-Origin

Since they are running on different ports, they are different JavaScript origin . It doesn't matter that they are on the same machine/hostname....

Access-Control-Allow-Origin - HTTP - MDN Web Docs - Mozilla

The Access-Control-Allow-Origin response header indicates whether the response can be shared with requesting code from the given origin.

CORS and the Access-Control-Allow-Origin response header

In this section we explain what the Access-Control-Allow-Origin header is in respect of CORS, and how it forms part of CORS implementation.

CORS Enabled - W3C Wiki

It is also not possible to specify more than one Access-Control-Allow-Origin header.) At the HTTP Server level... Security Note: The examples given below...