JavaScript
Stanislav, 2018-04-08 11:05:18

The POST request to the subdomain (Access-Control-Allow-Origin) does not go through. How do I solve the problem?

I have a subdomain located on another server; this subdomain accepts requests for uploading photos. Both domains are on HTTPS.
When submitting a file from a form, an error occurs in the console:

Failed to load https://img.site.com/add_image: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://site.com' is therefore not allowed access. The response had HTTP status code 405.

Node.js (Express.js) is also installed on the subdomain. I set the necessary headers in the app.js file:
app.use((request, response, next) => {

    const allowedOrigins = [
        'http://localhost:3000',
        'https://site.com'
    ]
    , origin = request.headers.origin

    console.log(origin)

    if(allowedOrigins.indexOf(origin) > -1) response.setHeader('Access-Control-Allow-Origin', origin)
    
    response.header('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS')
    response.header('Access-Control-Allow-Headers', 'Cache-Control, X-Requested-With, csrf-token')
    response.header('Access-Control-Allow-Credentials', true)

    return next()
})

Everything works on the local machine: I sent files from localhost:3000 (main site) to localhost:5000 (image server).
At first I thought there was a problem with the origin variable, but the console is silent during POST requests; it only responds to GET.
I gave up and decided to create a handler for OPTIONS, but it is also silent. Is Nginx cutting the requests? What should I do?
Here is the entire app.js file:
const express = require('express')
    , config = require('./config')
    , app = express()
    , logger = require('morgan')
    , errors = require('http-errors')
    , route = express.Router( { strict: true,  caseSensitive: false } )

app.enable('trust proxy')
app.enable('strict routing')
app.enable('case sensitive routing')

app.use((request, response, next) => {

    const allowedOrigins = [
        'http://localhost:3000',
        'https://site.com'
    ]
    , origin = request.headers.origin

    console.log(origin)

    if(allowedOrigins.indexOf(origin) > -1) response.setHeader('Access-Control-Allow-Origin', origin)
    
    response.header('Access-Control-Allow-Methods', 'GET, POST, DELETE, OPTIONS')
    response.header('Access-Control-Allow-Headers', 'Cache-Control, X-Requested-With, csrf-token')
    response.header('Access-Control-Allow-Credentials', true)

    return next()
})


if(app.get('env') == 'development') {
    app.use(logger('dev'))
    app.locals.pretty = true;
} else {
    app.use(logger('combined', { skip: (req, res) => { return res.statusCode < 404 } }))
    app.locals.pretty = '\r';
}

app.use((request, response, next) => {
    (request.config = response.locals.config = config), next()
})


app.use(
    route.post('/add_image', require('./add_image').post)
)

// catch 404 and forward to error handler
app.use((req, res, next) => {
    next(errors(404))
})

// error handler
app.use((e, request, response, next) => {
    response.status(e.status || 500)
    response.send(e.message)
})

app.listen(config.PORT, (e) => {
    if (e) {
        return console.log('something bad happened', e)
    }
    console.log(`server is listening on ${config.PORT}`)
})

add_image.js file
exports.post = (request, response, next) => {
    console.log('Молчит как рыба об лед')
}

Sending data with Fineuploader
new qq.FineUploader({
                        debug: true,
                        element: '#upload',
                        request: {
                            endpoint: 'https://img.site.com/add_image', 
                            customHeaders: {
                                "csrf-token": 'data-csrf'
                            }
                        },
                        cors: {
                            //all requests are expected to be cross-domain requests
                            expected: true,
                            //if you want cookies to be sent along with the request
                            sendCredentials: true
                        }
                    })

2 answer(s)
Stanislav, 2018-04-08
@ms-dred

The problem was with Nginx

Andrey Kvartsov, 2018-04-08
@kolesov_prod

To allow access from any domain, add to the very beginning of the file: To allow access only from yours, add to the very beginning of the file:

header('Access-Control-Allow-Origin: http://yourdomain.ru');
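
An added example (not the asker's code or either answer's): the question's origin allowlist written as Express-style middleware that answers the preflight itself and sends CORS headers only to listed origins. The names corsHeadersFor, corsMiddleware and simulate, and the origin https://other.example, are assumptions; the request and response objects are constructed stand-ins so the block runs without Express.

```javascript
// Added example; function names are hypothetical, allowlist values are from the question.
const ALLOWED_ORIGINS = new Set(['http://localhost:3000', 'https://site.com'])
const ALLOWED_METHODS = 'GET, POST, DELETE, OPTIONS'
const ALLOWED_HEADERS = 'Cache-Control, X-Requested-With, csrf-token'

// Decide which CORS headers a request gets. Unlisted origins get none,
// so the browser refuses to expose the response to them.
function corsHeadersFor(origin) {
    const headers = { 'Vary': 'Origin' } // caches must not reuse a response across origins
    if (!origin || !ALLOWED_ORIGINS.has(origin)) return headers
    headers['Access-Control-Allow-Origin'] = origin // exact match; '*' is invalid with credentials
    headers['Access-Control-Allow-Credentials'] = 'true'
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS
    headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS
    return headers
}

// Express-style middleware signature: (request, response, next)
function corsMiddleware(request, response, next) {
    const headers = corsHeadersFor(request.headers.origin)
    for (const [name, value] of Object.entries(headers)) response.setHeader(name, value)
    // A preflight is an OPTIONS request that carries Access-Control-Request-Method.
    const isPreflight = request.method === 'OPTIONS' &&
        'access-control-request-method' in request.headers
    if (!isPreflight) return next()
    response.statusCode = 204 // answer the preflight here instead of routing it
    response.end()
}

// Constructed request/response pair so the middleware can be exercised offline.
function simulate(method, headers) {
    const sent = { status: 200, headers: {}, ended: false, passedOn: false }
    const response = {
        setHeader: (name, value) => { sent.headers[name] = value },
        set statusCode(code) { sent.status = code },
        end: () => { sent.ended = true }
    }
    corsMiddleware({ method, headers }, response, () => { sent.passedOn = true })
    return sent
}

// Constructed sample requests: a preflight from the main site, then a POST from an unlisted origin.
console.log(simulate('OPTIONS', { origin: 'https://site.com', 'access-control-request-method': 'POST' }))
console.log(simulate('POST', { origin: 'https://other.example' }))
```

The browser only sees these headers if the reverse proxy in front of Node forwards OPTIONS requests to the application and passes the response headers through.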
