5
votes

I'm trying to enable CORS in SailsJS v0.9.15... It doesn't help if i set "allRoutes: true" in cors.js, i'm still getting CORS related errors. Why is this not working? According to this, it should be enough... https://github.com/balderdashy/sails-docs/blob/master/todo/config.cors.md

Error in Firefox: "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at www.domain.com. This can be fixed by moving the resource to the same domain or enabling CORS."

Error in Chrome: "The 'Access-Control-Allow-Origin' header contains the invalid value 'null'. Origin 'www.domain.com' is therefore not allowed access."

Is this a bug?

Sails.js (REST api) is hosted on Openshift, could that be a problem?

Thanks for help...

1
Are the two parts of your application (the application, and the API) hosted on different services or different domains? - user2879327
Yes, API is hosted on Openshift PaaS, client application is a single page backbone application at this time (in future it will be a mobile phonegap application). - cartoonle
Unfortunately this seems to be an issue with OpenShift in general filtering out the CORS headers. See stackoverflow.com/questions/23978344/…. Hopefully someone from OpenShift will answer that. - sgress454
I'm using sails rc8 on my localhost and I am still getting this error on chrome. I tried to modify config/cors.js allRoutes and set it to true, but then I get another error: XMLHttpRequest cannot load 192.168.2.106:1337/session/mobileCheckAuth?_dc=1405003092187. Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers. Same happens when hosting on Heroku, but this is less important to me. Any idea? I need this for testing from my Chrome browser. - user2867106
@user2867106, take a look at the documentation, specifically the headers setting... - sgress454

1 Answers

1
votes

Just to make this official, there is an open issue about CORS headers being filtered out by OpenShift. CORS should work fine in Sails for deployments that don't block those headers. Documentation for CORS in Sails is here and here.