문제
I am using Express 3.4.8 and have set up a handler for all my routes, checking for privileges.
Let's assume that the credentials (which are sent with every request) are invalid. I'd like to respond with a status of 403 in that case.
https://stackoverflow.com/questions/21830918
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianapp.all('*',function(req,res,next){
//req.body contains an object `credentials`
res.send(403);
});
If i do so, req.body will be an empty object. Note that the request is made from an Angular app and is definetly correct.
As soon as i omit the status, everything will work fine. Like that:
app.all('*',function(req,res,next){
res.send('Im not a status code');
});
In that case, req.body will contain the credentials as expected. Remember, the original request is made externally and never touched.
Can anyone reproduce this and has a tip on how to fix it?
This is slowly corroding my inward peace. the whole process makes absolutely no sense at all. If i do a console.log(req.body) at the very beginning of the logic, thus before the authCheck decides whether or not the credentials are valid, it still fails.
해결책
I still have no idea why this failed in this specific way, but yet i found a solution.
The "failure" was caused by the fact that CORS will cause Angular to send an OPTIONS request.
See: AngularJS performs an OPTIONS HTTP request for a cross-origin resource
I respond with a simple status 200 messsage for each OPTIONS request, after that, the original POST will pass as expected.
