Hapi: Cors allow

Created on 20 Nov 2015 · 3Comments · Source: hapijs/hapi

what's wrong

var Hapi = require('hapi');

var server = new Hapi.Server();
server.connection({ 
    port: 3000,
    routes: {
        cors: true
    }
    // routes: {
    //     cors: {
    //         origin : ['*']
    //     }
    // }
});

server.route({
    method: 'GET',
    path: '/',
    handler: function (request, reply) {
        reply({"test": 'Hello, world!'});
    }
});

server.start(function () {
    console.log('Server running at:', server.info.uri);
});

XMLHttpRequest cannot load http://192.168.1.5:3000/. Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is ''. It must be 'true' to allow credentials. Origin 'http://localhost:9000' is therefore not allowed access.

non issue

Source

foobar1123

Most helpful comment

You need to set the credentials option on your route cors setting. See cors section under http://hapijs.com/api#route-options. It's not set by default.

server.route({
    config: {
        cors: {
            origin: ['*'],
            credentials: true
        }
    },
    method: 'GET',
    path: '/resource',
    handler: function (request, reply) {

        reply('A resource');
    }
});

mtharrison on 20 Nov 2015

👍3

All 3 comments

I was able to reproduce this on 11.0.0 and up. It seems fine in 10.5.0. Could this be a regression? Did the API change?

nlindley on 20 Nov 2015

You need to set the credentials option on your route cors setting. See cors section under http://hapijs.com/api#route-options. It's not set by default.

server.route({
    config: {
        cors: {
            origin: ['*'],
            credentials: true
        }
    },
    method: 'GET',
    path: '/resource',
    handler: function (request, reply) {

        reply('A resource');
    }
});

mtharrison on 20 Nov 2015

👍3

all done. thank you

foobar1123 on 20 Nov 2015

Was this page helpful?

0 / 5 - 0 ratings