Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

No CORS headers are set on the client javascript file

See original GitHub issue

You want to:

  • report a bug
  • request a feature

Current behaviour

When serving the client via settings the serveClient option, the client is not served with the same CORS headers as the actual socket.io server.

Steps to reproduce (if the current behaviour is a bug)

Start a server with serveClient: true and request /socket.io/socket.io.js with an Origin header set.

Observe that the response does not have any Access-Control-Allow-Origin header set.

Expected behaviour

That the response has the same CORS headers as the normal operation.

Other information (e.g. stacktraces, related issues, suggestions how to fix)

This function (and the corresponding serveMap) should do the same origin checking as this code.

Issue Analytics

  • State:open
  • Created 4 years ago
  • Comments:8 (1 by maintainers)

github_iconTop GitHub Comments

3reactions
eltharyndcommented, Feb 3, 2022

Is it me or CORS don’t have to be “set” on client side… you have to tell the server which cors will be accepted.

Here’s my implementation to allow all in typescript

this.app.use(cors({
    origin: '*',
    optionsSuccessStatus: 200,
}))

the browser is responsible for indicating the origin domain and you have no control over that for security reasons…

I might be mistaken…

Also, even if, this should probably go on the socket.io-client github 😃

0reactions
darrachequesnecommented, Jan 24, 2022

@bilalsha sure!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Fixing Common Problems with CORS and JavaScript
Tutorial: This post walks through troubleshooting and fixing common problems associated with calling REST APIs from JavaScript.
Read more >
Why does my JavaScript code receive a "No 'Access-Control ...
When Origin header is not set, usually servers allow such requests by ... Origin this is CORS, and when the server detects such...
Read more >
Cross-Origin Resource Sharing (CORS) - MDN Web Docs
Also, a non-standard HTTP X-PINGOTHER request header is set. Such headers are not part of HTTP/1.1, but are generally useful to web applications ......
Read more >
CORS Enabled - W3C Wiki
Currently, client-side scripts (e.g., JavaScript) are prevented from ... <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>.
Read more >
Fetch Standard
The CORS-unsafe request-header names , given a header list headers , are determined as follows: Let unsafeNames be a new list. Let ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

socket.client.request.client.getPeerCertificate() always returns null.

Next page

Prevent socket io from emitting ping timeout for inactive or not focused browser page in mobile browsers chrome, firefox and safari.