javascript - Cors and headers -


i'm having trouble cors , headers. have below middleware:

res.header('access-control-allow-origin', '*'); res.header('access-control-allow-methods', 'get,put,post,delete'); res.header('access-control-allow-headers', 'content-type,x-access-token,authorization'); next();

after have middleware check token:

const token = req.body.token || req.query.token || req.headers['x-access-token'];      if (token) {         jwt.verify(token, config.jwtkey, (err, decoded) => {             if(err) {                 return res.json({success: false, errmsg: 'wrong key'});             } else {                 req.decoded = decoded;                 next();             }         });     } else {         return res.status(403)             .send({                 success: false,                 message: "no token provided"             });     }

but when log req.headers:

{ host: 'localhost:4556',   connection: 'keep-alive',   'access-control-request-method': 'post',   origin: 'http://localhost:4200',   'user-agent': 'mozilla/5.0 (macintosh; intel mac os x 10_11_6) applewebkit/537.36 (khtml, gecko) chrome/59.0.3071.115 safari/537.36',   'access-control-request-headers': 'authorization,content-type,x-access-token',   accept: '*/*',   dnt: '1',   referer: 'http://localhost:4200/posts',   'accept-encoding': 'gzip, deflate, br',   'accept-language': 'sv,en-us;q=0.8,en;q=0.6' }

there no "x-access-token" in headers, except in "access-control-request-headers". , it's name. must wrong, found when googled use access-control-allow-headers.

you looking @ preflight options request. can triggered number of conditions, 1 of "sets non-standard header" (like x-access-token).

the browser won't make post request (with x-access-token header) until server responds options request giving permission.

you'll need exclude options requests token checking middleware don't send 403 in response preflight (which never include token).


Comments

Post a Comment

Popular posts from this blog

PHP and MySQL WP -

i trying accomplish 2 things here code. writing php directly wp page using insert php plugin. 1) query mysql database , return results 1 column 4 columns. 2) make each result own hyperlink directs user new wp page runs new query on page. i able query show results , turn results dynamic hyperlink, cannot formatting down. right returns result 1 column. here have: [insert_php] $servername = "localhost"; $username = "login"; //edited privacy $password = "password"; //edited privacy $database = "database"; //edited privacy // create connection $conn = new mysqli($servername, $username, $password, $database); // check connection if ($conn->connect_error) { die("connection failed: " . $conn->connect_error); } echo "connected successfully"; //get results database $result = mysqli_query($conn,"select mine mines order mine"); $all_property = array(); //declare array saving property //showing proper...
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m...
Read more

go - golang pprof for c library code -

i have been trying profile golang application pprof, seems details of c code(linked static library) missed in output result. flame graph from frame graph can see c code time consuming reported within "runtime._externalcode", no details @ all. , sure static library compiled debug enable. so there way make pprof details(like stack trace) of 3rd party c code? or there other golang profiling tool this?
Read more