Question
I worked with two nodejs (no Express) application :
webprocess dataprocess
dataprocess sends back a rest message with this code :
https://stackoverflow.com/questions/16535208
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianvar status = 200;
if (responseStatus) {
status = responseStatus;
}
var contentType = "application/json; charset=utf-8";
if (responsecontentType) {
contentType = responsecontentType;
}
this.response.statusCode = status;
//http://www.w3.org/TR/cors/
//The server allows any domain to call it with the XMLHttpRequest
this.response.setHeader("Access-Control-Allow-Origin", this.request.headers.origin);
//The server allow the content-type header
this.response.setHeader("Access-Control-Allow-Headers", "Content-Type");
this.response.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS");
this.response.setHeader("Content-Type", contentType);
this.response.end(contentText);
In local, everything is ok, the "Access-Control-Allow-Origin" works fine. But, when I create two apps on heroku and deploy, I get the browser cross-domain exception on the pre-flight ajax call (OPTIONS). Not sure what's wrong?
Thanks for your help
Yoann
La solution
If you want to allow any domain to call your endpoint as per the comment in your code, you would use a wildcard instead of this.request.headers.origin
//The server allows any domain to call it with the XMLHttpRequest
this.response.setHeader("Access-Control-Allow-Origin", "*");
