javascript - CORS on node subdomain -


i trying set api on sub domain , because of try set javascript api after web api.

but unfortunally getting error after trying reach server on xmlhttprequest().

i have been trying set sub domain express server ways have found allowing cors, still same error.

update:

here files:

app.js: 

    var express = require('express'),     http = require('http'),     path = require('path'),     fs = require('fs'),     app = express();  app.configure(function(){     app.set('port', process.env.port || 8080);     app.set('views', __dirname + '/views');     app.set('view engine', 'jade');     app.use(express.cookieparser('s5cret!'));     app.use(express.favicon());     app.use(express.logger('dev'));     app.use(express.bodyparser());     app.use(express.methodoverride());     app.use(app.router);     app.use(express.static(path.join(__dirname, 'public')));     app.use(express.vhost('localhost', require('./server/main.js').app));     app.use(express.vhost('api.localhost', require('./server/api.js').app)); });  http.createserver(app).listen(app.get('port'), function(){   console.log('express server listening on http://localhost:' + app.get('port')); });

api.js: 

var express = require('express'),     fs = require('fs'),     check = require('validator').check,     sanitize = require('validator').sanitize,     mongojs = require('mongojs'),     db = mongojs('mycity', ['user', 'reset', 'ranking', 'entries']),     tool = require('../util/tool.js'),     app = express();  app.options('/login', function (req, res){     var uname, password;     res.header("access-control-allow-origin", "*");     //escape user input , store in variables     if (req.body.inputusername) {         uname = sanitize(req.body.inputusername).xss();         uname = sanitize(uname).escape();     } else {          res.send(400, {"state": false, "reason": "username not set"});         return;      }     //escape password     if (req.body.inputpassword) {         password = sanitize(req.body.inputpassword).xss();         password = sanitize(password).escape();     } else {          res.send(400, {"state": false, "reason": "password not set"});          return;}      //search user given username     db.user.findone({'username': uname}, function(err, data){         //error during db search         if (err) res.send(400, {"state": false, "reason": "internal server error"});         else {             //check if there response otherwise username not found             if (data) {                 //check if user blocked                 if (data.blocked ? data.blocked : false) {                     res.send(200, {"state": false, "reason": "you blocked system"});                 } else {                     //checks if password same in db                     if (data.password == password) {                         //creating content of token                         var atoken = tool.randomstring(25);                         //checking if acccess token should 7 days or session token                         /* not needed in api                         if (req.body.inputcheckbox) {                                //send cookie lasts 7 days user                             res.cookie('token', atoken, {expires: new date(date.now() + 604800000) , httponly: true, signed: true});                         } else {                             //send session cookie user                             res.cookie('token', atoken, {maxage: null, httponly: true, signed: true});                         }                         */                         //redirection /                         //res.redirect("/");                         res.send(200, {"state": true, "atoken": atoken, "id": data._id});                         //set user online, save ip ,date of last login , token in db                         db.user.update({'username': uname}, { $set:  {atoken: atoken, online: true, ip: req.ip, date: new date(), attempt: 0}});                     } else {                         //get current attempts of login false password                         var attempt = data.attempt ? data.attempt : 0;                         //if attempts more equals 5 user gets blocked                          if (attempt >= 5) {                             res.send(200, "blocked");                             //set user blocked                             db.user.update({'username': uname}, {$set: {blocked: true}});                             return                         }                         //save attempts in db                         db.user.update({'username': uname}, { $set:  {'attempt': ++attempt}});                     }                 }             } else {                 //no such username found in db                 res.send(200, {"state": false, "reason": "no such username in system"});             }         }     });    //res.render('index', { title: 'express' }); }); app.post('/signup', function (req, res){     //escape user input     var name = req.body.inputname ? sanitize(req.body.inputname).xss() : false;         name = sanitize(name).escape();     var email = req.body.inputemail ? sanitize(req.body.inputemail).xss() : false;         email = sanitize(email).escape();     var password = req.body.inputpassword ? sanitize(req.body.inputpassword).xss() : false;         password = sanitize(password).escape();     var password2 = req.body.inputpassword2 ? sanitize(req.body.inputpassword2).xss() : false;         password2 = sanitize(password2).escape();      //check if userinput set     if (!name) {res.send('name empty');return}     if (!email) {res.send('email empty');return}     if (!password) {res.send('password empty');return}     if (!password2) {res.send('password2 empty');return}     if (password != password2) {res.send('check pass');return}      //save user data db     db.user.save({username: name, email: email, password: password, confirmed: false}, function(err, data){         if (err) res.send(500, false);         if (data) {             res.send(200, true);             //send email user confirmation of email         } else res.send(200, false);     }); }); app.post('/forgot', function (req, res){     if (req.body.inputemail) {     //escape user input     var email = sanitize(req.body.inputemail).xss();         email = sanitize(email).escape();      //search after email in db     db.user.findone({'email': email}, function (err, data){         if (err) { res.send(500, "error"); return}         //if email found         if (data) {             //random token created - uid ( user identification)             var rand = tool.randomstring(20);             //save request in db             db.reset.save({'email': email, 'uid': rand, 'date': new date()}, function (err, data){                 if (err) { res.send(500, "error"); return }                 if (data) {                     res.send(200, true);                     //send email given email link reset uid                 } else {                     //in case of empty data                     res.send(200, false);                 }             });         } else {             // response if mali not found             res.send(200, 'no such email in system');         }     });     } else {         //else if user input email not set         res.send(200, false);     } }); app.get('/reset/:uid?', function (req, res){     var uid;     //escape user input uid     if(req.params.uid){         uid = sanitize(req.params.uid).xss();         uid = sanitize(uid).escape();     } else {         res.send(200, 'uid empty');         return     }      //search after uid in db     db.reset.findone({uid: uid}, function (err, data){         if (err) { res.send(200, "error"); return };         //if uid found in db         if (data) {             res.send(200, true);             //todo: reset page             //remove uid db:                  //db.reset.remove({uid: uid});         }          //if uid not found in db         else {             res.send(200, false);         }     }); }); app.get('/ranking/:limit?', function (req, res){     var limit = req.params.limit ? parseint(req.params.limit) : 5;      console.log(limit);      db.ranking.find(null, {_id: 0}).limit(limit).sort({"points": -1}, function (err, data){         if (err) { res.send(500, "error"); return}         if (data) {             res.send(200, data);         } else {             res.send(200, "error");         }     }); }); app.get('/mycleanapi.js', function (req, res){     fs.readfile(__dirname.concat('/../api/mycleanapi.js'), function (err, data){         if (err) { res.send(500, "//internal server error"); console.log(err); return}         if (data) {             res.contenttype('text/javascript');             res.send(200, data);         }     }); }); app.get('/', function (req, res){     //console.log("api called");     //res.send(200, "ttt");     fs.readfile(__dirname.concat('/../api/index.html'), function (err, data){         if (err) { res.send(500, "//internal server error"); console.log(err); return}         if (data) {             res.contenttype('text/html');             res.send(200, data);         }     }); });  console.log('api running');  exports.app = app;

and main.js: 

var express = require("express"),     path = require('path'),     app = express();  app.configure(function(){     app.set('views', __dirname + '/../views');     app.set('view engine', 'jade');     app.use(express.cookieparser('s5cr5t!'));     app.use(express.favicon());     app.use(express.logger('dev'));     app.use(express.bodyparser());     app.use(express.methodoverride());     app.use(app.router);     app.use(express.static(path.join(__dirname, 'public'))); });  app.get('/', function (req, res){     res.render('index', { title: 'express' }); }); app.get('/users', function (req, res){   res.send("respond resource"); });  console.log("main server running");  exports.app = app;

your answer boils down this, assuming you're using express

app.use(function(req,res) { res.setheader("access-control-allow-origin", "*"); next(); });

this quite output cors header on every request made node server. simple, huh? bear in mind caveats:

  • does not work ie6 , 7, though jquery compensates that
  • does not allow fine-tune access. can fine-tune taking setheder call various routes.
  • you should reverse proxying avoid this.

Comments

Post a Comment

Popular posts from this blog

jquery - How can I dynamically add a browser tab? -

since using iframes house external pages are, accounts "not preferred method" , disallowed sites (flickr, one), want dynamically generate browser tabs. e.g., when user submits form, want dynamically generate tab on browser in response submitted. e.g., might want add new tab url like: http://www.bigsurgarrapata.com/contact how in jquery? you want form target attribute action attribute. http://www.w3schools.com/tags/att_form_target.asp browsers have ultimate control on result of target attribute open new tab value of _blank. <form action="contact_submit.php" target="_blank" method="post">
Read more

node.js - Getting the socket id,user id pair of a logged in user(s) -

i have web application done using node js , in it,i have authentication system requires users log in before can access pages. have 2 pages,the homepage , updates page. from read docs,a new socket id issued when user opens tab in browser. me being admin,i know socket id of logged in user , more so,the socket id,logged in user id pair logged in users. what method can use socket id,logged in user id pair make sure broadcast realtime info users online?.
Read more

keyboard - C++ GetAsyncKeyState alternative -

i using windows.h library's getasynckeystate function define key pushed on keyboard . here program returns int value of pushed key example. #include <iostream> #include <windows.h> using namespace std; int main (){ char i; for(i=8;i<190;i++){ if(getasynckeystate(i)== -32767){ cout<<int (i)<<endl; } } return 0; } but trying make opengl simple game , function appeared slow . there function not need cycle 180 times , if statement . thanks you're trying make opengl game, you're going use glfw. if that's case can away using glfwgetkey() such: if (glfwgetkey(glfw_key_up) == glfw_press) {...} if (glfwgetkey(glfw_key_down) == glfw_press) {...} that method nicely explained in tutorial 6 opengl-tutorial.org . should start first tutorial of beginners tutorials , later intermediate tutorials . if you're going make win32 window can listen wm_keydown or wm_keyup messages , virtua
Read more