express-stormpath

CORS support

Open robertjd opened this issue 9 years ago • 7 comments

For those using front-end frameworks, it is common for the front-end application to be served from a different domain or port from the data API. This means that this library will need to serve the appropriate headers if a cross-domain client is consuming the endpoints that are handled by this library.

This is how I implemented CORS support in our old Express SDK library:

https://github.com/stormpath/stormpath-sdk-express/blob/master/lib/middleware/corsHandler.js

https://github.com/stormpath/stormpath-sdk-express#allowedOrigins

robertjd avatar Oct 15 '15 17:10 robertjd

Is there some way to achieve CORS atm?

miketamis avatar Feb 29 '16 07:02 miketamis

Hello @miketamis, we have a CORS example here:

https://github.com/stormpath/stormpath-sdk-angularjs/tree/master/example/cors-app

Please let me know if this is useful, I can provide a better example if needed. We're probably not going to add any CORS dependencies in this library, but instead show it by example. Thanks for getting in touch!

robertjd avatar Feb 29 '16 19:02 robertjd

Adding

```js
app.use(cors())
```

before

```js
app.use(stormpath.init(app, {
//...
```

should be in the docs. This issue should be closed?

ianwalter avatar Nov 25 '16 18:11 ianwalter

Is this possible from one computer on a network to another? We have them aliased in the host as web.localhost and api.localhost and it still will not send the access_token cookie with the request.

suederade avatar Dec 14 '16 20:12 suederade

Network issues shouldn't matter. I would try the linked example above, and use the Chrome network inspector to look at the headers on the requests and responses, then compare that to what your server is sending.

robertjd avatar Dec 14 '16 20:12 robertjd

I set it up roughly the same way and added those domains to the hosts file and it never seems to send the cookies for the server to be able to authenticate if the user is logged in.

suederade avatar Dec 14 '16 20:12 suederade

Can you show us a screenshot of what that request looks like in the Chrome network inspector?

robertjd avatar Dec 14 '16 21:12 robertjd
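
An added example, not part of the thread and not Stormpath's code: an Express-style middleware with an origin allow-list, showing the response headers a browser requires on a cross-origin request that carries cookies such as `access_token`. The names `corsAllowList` and `simulate` and the port in the sample origin are assumptions; the `web.localhost` host name is taken from the thread.

```javascript
// Added example, not Stormpath code. corsAllowList and simulate are hypothetical names.
function corsAllowList(allowedOrigins) {
  const allowed = new Set(allowedOrigins);
  return function corsHandler(req, res, next) {
    const origin = req.headers.origin;
    // The response differs per Origin, so shared caches must key on it.
    res.setHeader('Vary', 'Origin');
    // No Origin header (same-origin, curl) or origin not listed: send no
    // CORS headers, and the browser refuses to expose the response.
    if (!origin || !allowed.has(origin)) return next();
    // Cookies require the exact origin here; "*" is rejected by browsers
    // when the request carries credentials.
    res.setHeader('Access-Control-Allow-Origin', origin);
    res.setHeader('Access-Control-Allow-Credentials', 'true');
    // Preflight: answer it here and stop, so it never reaches auth routes.
    if (req.method === 'OPTIONS' && req.headers['access-control-request-method']) {
      res.setHeader('Access-Control-Allow-Methods', 'GET,POST,PUT,DELETE');
      res.setHeader('Access-Control-Allow-Headers', 'Content-Type,Authorization');
      res.statusCode = 204;
      return res.end();
    }
    return next();
  };
}

// Constructed request/response stand-ins so the middleware runs without Express.
function simulate(middleware, method, headers) {
  const out = { headers: {}, statusCode: 200, ended: false, passedOn: false };
  const res = {
    setHeader: (k, v) => { out.headers[k.toLowerCase()] = v; },
    end: () => { out.ended = true; },
    set statusCode(code) { out.statusCode = code; },
  };
  middleware({ method, headers }, res, () => { out.passedOn = true; });
  return out;
}

// Constructed sample: front end on web.localhost (port assumed), one unlisted origin.
const cors = corsAllowList(['http://web.localhost:3000']);
console.log(simulate(cors, 'GET', { origin: 'http://web.localhost:3000' }).headers);
console.log(simulate(cors, 'GET', { origin: 'http://other.example' }).headers);
```

In an Express app the middleware would be registered with `app.use(...)` before `stormpath.init`, in the position suggested earlier in the thread. The browser side must also opt in with `withCredentials` on XHR or `credentials: 'include'` on `fetch`.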