No CORS headers are set on the client javascript file
See original GitHub issueYou want to:
- report a bug
- request a feature
Current behaviour
When serving the client via settings the serveClient
option, the client is not served with the same CORS headers as the actual socket.io server.
Steps to reproduce (if the current behaviour is a bug)
Start a server with serveClient: true
and request /socket.io/socket.io.js
with an Origin
header set.
Observe that the response does not have any Access-Control-Allow-Origin
header set.
Expected behaviour
That the response has the same CORS headers as the normal operation.
Other information (e.g. stacktraces, related issues, suggestions how to fix)
This function (and the corresponding serveMap
) should do the same origin checking as this code.
Issue Analytics
- State:
- Created 4 years ago
- Comments:8 (1 by maintainers)
Top Results From Across the Web
Fixing Common Problems with CORS and JavaScript
Tutorial: This post walks through troubleshooting and fixing common problems associated with calling REST APIs from JavaScript.
Read more >Why does my JavaScript code receive a "No 'Access-Control ...
When Origin header is not set, usually servers allow such requests by ... Origin this is CORS, and when the server detects such...
Read more >Cross-Origin Resource Sharing (CORS) - MDN Web Docs
Also, a non-standard HTTP X-PINGOTHER request header is set. Such headers are not part of HTTP/1.1, but are generally useful to web applications ......
Read more >CORS Enabled - W3C Wiki
Currently, client-side scripts (e.g., JavaScript) are prevented from ... <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule>.
Read more >Fetch Standard
The CORS-unsafe request-header names , given a header list headers , are determined as follows: Let unsafeNames be a new list. Let ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Is it me or CORS don’t have to be “set” on client side… you have to tell the server which cors will be accepted.
Here’s my implementation to allow all in typescript
the browser is responsible for indicating the origin domain and you have no control over that for security reasons…
I might be mistaken…
Also, even if, this should probably go on the socket.io-client github 😃
@bilalsha sure!