Logo

dev-resources.site

for different kinds of informations.

What are CORS? and how to configure it in Node?

Published at
5/13/2024
Categories
cors
node
backenddevelopment
javascript
Author
husnain
Main Article
https://dev.to/husnain/what-are-cors-and-how-to-configure-it-in-node-4c3n
Categories
4 categories in total
cors
open
node
open
backenddevelopment
open
javascript
open
Author
7 person written this
husnain
open
What are CORS? and how to configure it in Node?

CORS, Cross-origin resource sharing, is a policy implemented by the browsers.

Origin

First, let's understand what is origin. Origin is made up of the base url and the port. So https://abc.com, https://abc.com:4040 and https://cba.com are different origins. Note that when we do not provide a port number with <url>:<port>, the default port for https is 443 and for http, its 80. Hence, in the above example of https://abc.com, we have a port of 443 by default.

Cross origin

Cross origin simply means that one origin is trying to connect to another origin.

Cross origin resource sharing

For developing web applications, there are several architecture.

One of the ways to develop web application is to have the Frontend and Backend at the same origin, for example a NextJs Application, which is responsible for both, Frontend and Backend. In this case, whenever Frontend makes a network request to Backend, it requests on the same origin. And hence no CORS policy is implemented by browsers.

Other way to develop web application is to have Frontend and Backend at different origins. Let's say we got Frontend, React Application, at port 5173, vite default port. And Backend, Node application, at port 3000. In this case, we got different origins. And hence whenever a network request is made from React app to Node app, browser will implement CORS policy and possibly throwing an error:

Image description

Network Flow

Let's understand what happens, when a cross-origin network call is made.

  1. Client side (Frontend) sends a preflight request to Server (Backend).
  2. Server responds with whether the Client side's origin is allowed to request the Server or not. If server allows such origin, the response headers have the attribute Access-Control-Allow-Origin with value of origin / origin pattern.
  3. Browser check the response headers and verify if its origin matches the origin pattern against the attribute of Access-Control-Allow-Origin. a. If it does matches, browser re-request the server with the actual payload and executes the required network call. b. If it does not matches, browser throws an error.

Configuring backend to support CORS

Now we know that to configure CORS, we only need to modify our response headers to have the attribute of Access-Control-Allow-Origin which matches the origin pattern of the client.

One way of configuring CORS, is by simply using the package, cors and use the middleware provided by cors

const express = require("express");
const cors = require("cors");

const app = express();

app.use(cors({ origin: "http://localhost:5173" }));

app.get("/", (req, res) => {
  res.send("Hello World");
});

app.listen(3000, () => {
  console.log("Server is running on port 3000");
});
Enter fullscreen mode Exit fullscreen mode

Image description

Now we got everything working, but there is another way of configuring response header, that is without using any package.

We simply need to define our custom middleware that modifies the response object. Here is how we can achieve it:

const express = require("express");

const app = express();

app.use((req, res, next) => {
  res.header("Access-Control-Allow-Origin", "http://localhost:5173");
  next();
});

app.get("/", (req, res) => {
  res.send("Hello World");
});

app.listen(3000, () => {
  console.log("Server is running on port 3000");
});
Enter fullscreen mode Exit fullscreen mode

Note: After the changes, you might not see the expected results, try using incognito or clear site cache.

That's all folks.
Happy coding ❤️

cors Article's
30 articles in total
Favicon
Cookies auto clearing after browser refresh issue , CORS related express cookies issue
Favicon
What is CORS Error and how to fix it
Favicon
CORS in Spring Boot with Kotlin
Favicon
Understanding CORS: Why Your API Requests Are Failing 🚧
Favicon
How to Launch Google Chrome Without CORS Protection on macOS
Favicon
Cross-Origin Resource Sharing (CORS): A Comprehensive Guide
Favicon
CORS is Stupid
Favicon
roadauth-rails api jwt cors 2024
Favicon
What is the CORS ?
Favicon
Fixing CORS in your SPA
Favicon
Advanced CORS: Deep Dive into Cross-Origin Resource Sharing
Favicon
Third-Party Cookies Are Gone (Or Not). How Can I Still Embed Cross-Site Apps?
Favicon
SOLVING CORS ERROR
Favicon
Troubleshooting CORS Issues in Express.js: A Simple Misconfiguration
Favicon
Implementing CORS in a Custom Next.js Server
Favicon
What are CORS? and how to configure it in Node?
Favicon
Brewing a More Open Web: CORS Demystified
Favicon
CORS Error Explained and How to Fix It?
Favicon
Resolving CORS Issues in express Node.js Project
Favicon
Resolving Firebase Authentication Sign-in Method Error
Favicon
Problem Encountered with CORS in Deno Server
Favicon
Solving CORS errors with Appwrite
Favicon
Need Help: Cross-Origin-Opener-Policy Blocking Google Login Window.Closed Call
Favicon
Understanding CORS, CSRF attacks and enabling valid CORS
Favicon
Enabling CORS in a .NET Core Server-Side Application
Favicon
[SOLVED]Yet another docker + vite, The connection was reset
Favicon
Cross-Origin Resource Sharing (CORS)
Favicon
Modern API development(Part 2): Initialize Server
Favicon
Configurando CORS Global para API Springboot
Favicon
Understand CORS 🌐 in Easy Way🦾

Featured ones:

Favicon
Open
abubakersiddique761
Favicon
Open
0x3d_site
Favicon
Open
0x2e_tech
Favicon
Open
0x4c-quest
Favicon
Open
gittech