Access-Control-Allow-Origin - not possible to host application clients on other hosts

[gcmartijn]

I don't know if its an issue or a 'feature' but in the old version I can do something like:
io.set('Origin':'*')

The reason to do this is because our application will be hosted on many different hostnames (websites) (origins). And only one server host.

In other words, its not possible to host our application clients on other hosts.

We don't use express or other modules, to keep it as clean as possible.
request_handler = require('./request_handler');

            inspect = require('util').inspect;
            app = require('http').createServer(request_handler.handler);
            io = require('socket.io').listen(app,{
                    'pingTimeout':60000,
                    'transports':['xhr-polling','polling', 'websocket', 'flashsocket'],
                    'pingInterval':25000,
                    'allowUpgrades':true,
                    'cookie':'io'
            });

app.listen(8090);

The error we get is:
OPTIONS http://_serverhost__:8090/socket.io/?EIO=2&transport=polling&sid=DWGmxtENtfqN_h1GAAAA No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://clienthost**' is therefore not allowed access. v1.js?c=b3f0c7f6bb763af1be91d9e74eabfeb199dc1f1f:5798
XMLHttpRequest cannot load http://serverhost:8090/socket.io/?EIO=2&transport=polling&sid=DWGmxtENtfqN_h1GAAAA. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://**_clienthost****' is therefore not allowed access.

• I removed the original serverhost name and clienthost

[Neumann-Valle]

check mine, I replicated the issue..
It is possible to be the same..
socketio/socket.io-client#641

[Neumann-Valle]

so , did you fix your issue?
Basically if you emit something after on connect in client side ,the error pop ups in Chrome Browser.
and in my case , Firefox loops.

[gcmartijn]

I'm going to use https://github.com/primus/primus so I can use socket.io when this fixed again.
If not then i'm using ws.
Because I don't know if somebody can fix this problem.

Its not really a solution, but maybe a better option.

[Neumann-Valle]

Hi, if you can replicate the issue you will see is not of a big deal, just not emiting right on connection would not give you anymore problems.

[gahula]

I am currently experiencing the same issue

[pmcalabrese]

I currently have this issue as well

[gahula]

I solved my issue by removing the the transports options....

var express = require('express');
var app = express();
var server = require('http').Server(app);
var io = require('socket.io')(server, {origins:'domain.com:* http://domain.com:* http://www.domain.com:*'});
var compress = require('compression');
var redis = require('socket.io-redis');
var uuid = require('node-uuid');
var geoip = require('geoip-lite');
var _ = require('underscore')._;

io.adapter(redis({ host: 'localhost', port: <port#>}));

server.listen(<port#>, '', function(){
console.log("Server up and running...");
});

........

[avinashega]

You can host your application on a different host but make sure you server the client socket.io.js from the same host where you are trying to connect to.

for example, my initial client code was this and it was throwing CORS error

<script src="/socket.io/socket.io.js"></script>
var socket = io.connect('http://mydomain.com/');

once I modified it to this, it worked alright.

<script src="http://mydomain.com/socket.io/socket.io.js"></script>
var socket = io.connect('http://mydomain.com/');

And my server code is,

var express = require('express');
var app = express();
app.use(function(req, res, next) {
        res.header("Access-Control-Allow-Origin", "*");
        res.header("Access-Control-Allow-Headers", "X-Requested-With");
        res.header("Access-Control-Allow-Headers", "Content-Type");
        res.header("Access-Control-Allow-Methods", "PUT, GET, POST, DELETE, OPTIONS");
        next();
    });
var server = http.createServer(app);
io = socketio.listen(server, {log:false, origins:'*:*'});
... //io.connect and events below

[shades3002]

yo lo solvente asi:

1. npm install cors
2. var cors = require('cors');
   3)app.use(cors());

[zardoz]

Pero esto no es muy seguro, tienes que specificar el domain. En este caso todo esabierto.

This is not very secure, you should specify the domain. In this case everything is open

[shades3002]

Claro pero eso lo configura uno de acuerdo a su necesidad https://www.npmjs.com/package/cors aqui aparece como configurar de manera personalizada. Saludos..