Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CORS problem (No 'Access-Control-Allow-Origin') on client

See original GitHub issue

Hi all,

Typically if you do have server with sockets on another domain and you do simple first line io('YOUR_HOST'), you will receive this message: XMLHttpRequest cannot load YOUR_HOSTsocket.io/?EIO=3&transport=polling&t=1446467052356-0. No 'Access-Control-Allow-Origin'...

First appeared in head, that I need to look at documentation and find out how to set it from there, but eventually I did not find anything because of pure documentation. Then I entered source code and the only 2 usages of setRequestHeader method, which is actually allow you to do that, is only for setting content-type if POST method is chosen.

Could you help me to fix this issue?

Issue Analytics

State:
Created 8 years ago
Comments:25 (2 by maintainers)

Top GitHub Comments

19reactions

hasanraza-axovelcommented, Aug 3, 2017

I’m using cors extension for google chrome and socket.io for chat application on my nodejs+Angular2 app but it is giving follwing error. XMLHttpRequest cannot load http://localhost:8000/socket.io/?username=amit&EIO=3&transport=polling&t=LsdeeNk. The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. Origin ‘http://localhost:4200’ is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

6reactions

turnerhayescommented, Jun 8, 2017

It appears that Socket.io’s definition of “origin” is somewhat different from the normal one (at least the one on MDN): Socket.io doesn’t seem to want the scheme to be included. See this block of code which checks the origin against the origins array. It looks for domain + ':' + port. So if you set your origins to be ['https://example.com:6789'], it won’t find the origin in your array. If you set origins to ['example.com:6789'], then it should work (at least it did for me when I removed the scheme).

It seems an open question to the project authors whether this constitutes a bug.

Top Results From Across the Web

3 Ways to Fix the CORS Error — and How the Access-Control ...

Fix one: install the Allow-Control-Allow-Origin plugin. The quickest fix you can make is to install the moesif CORS extension .

What Is a CORS Error and How to Fix It (3 Ways) - Bannerbear

A CORS error is common when making an HTTP request to another origin. ... No 'Access-Control-Allow-Origin' header present; No 'Access-Control-Allow-Headers' ...

Why does my JavaScript code receive a "No 'Access-Control ...

This question is not about how to fix a "No 'Access-Control-Allow-Origin'..." error. It's about why they happen. Please stop posting: CORS ...

Fixing Common Problems with CORS and JavaScript

Tutorial: This post walks through troubleshooting and fixing common problems associated with calling REST APIs from JavaScript.

Resolve the "No 'Access-Control-Allow-Origin' header" error ...

I'm getting the CORS error "No 'Access-Control-Allow-Origin'" on my requested ... Note: Be sure also to forward the header as part of your...