Socket.io: Access-Control-Allow-Origin - not possible to host application clients on other hosts

Created on 5 Mar 2014  路  11Comments  路  Source: socketio/socket.io

I don't know if its an issue or a 'feature' but in the old version I can do something like:
io.set('Origin':'*')

The reason to do this is because our application will be hosted on many different hostnames (websites) (origins). And only one server host.

In other words, its not possible to host our application clients on other hosts.

We don't use express or other modules, to keep it as clean as possible.
request_handler = require('./request_handler');

            inspect = require('util').inspect;
            app = require('http').createServer(request_handler.handler);
            io = require('socket.io').listen(app,{
                    'pingTimeout':60000,
                    'transports':['xhr-polling','polling', 'websocket', 'flashsocket'],
                    'pingInterval':25000,
                    'allowUpgrades':true,
                    'cookie':'io'
            });

app.listen(8090);

The error we get is:
OPTIONS http://_serverhost__:8090/socket.io/?EIO=2&transport=polling&sid=DWGmxtENtfqN_h1GAAAA No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://_clienthost*' is therefore not allowed access. v1.js?c=b3f0c7f6bb763af1be91d9e74eabfeb199dc1f1f:5798
XMLHttpRequest cannot load http://_serverhost__:8090/socket.io/?EIO=2&transport=polling&sid=DWGmxtENtfqN_h1GAAAA. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://_clienthost*' is therefore not allowed access.

  • I removed the original serverhost name and clienthost
picture gcmartijn

All 11 comments

check mine, I replicated the issue..
It is possible to be the same..
https://github.com/LearnBoost/socket.io-client/issues/641

utan picture utan on 5 Mar 2014

so , did you fix your issue?
Basically if you emit something after on connect in client side ,the error pop ups in Chrome Browser.
and in my case , Firefox loops.

utan picture utan on 6 Mar 2014

I'm going to use https://github.com/primus/primus so I can use socket.io when this fixed again.
If not then i'm using ws.
Because I don't know if somebody can fix this problem.

Its not really a solution, but maybe a better option.

gcmartijn picture gcmartijn on 6 Mar 2014

Hi, if you can replicate the issue you will see is not of a big deal, just not emiting right on connection would not give you anymore problems.

utan picture utan on 6 Mar 2014

I am currently experiencing the same issue

gahula picture gahula on 29 May 2014

I currently have this issue as well

pmcalabrese picture pmcalabrese on 31 May 2014

I solved my issue by removing the the transports options....

var express = require('express');
var app = express();
var server = require('http').Server(app);
var io = require('socket.io')(server, {origins:'domain.com:* http://domain.com:* http://www.domain.com:*'});
var compress = require('compression');
var redis = require('socket.io-redis');
var uuid = require('node-uuid');
var geoip = require('geoip-lite');
var _ = require('underscore')._;

io.adapter(redis({ host: 'localhost', port:

server.listen(', function(){
console.log("Server up and running...");
});

........

gahula picture gahula on 31 May 2014

You can host your application on a different host but make sure you server the client socket.io.js from the same host where you are trying to connect to.

for example, my initial client code was this and it was throwing CORS error

<script src="/socket.io/socket.io.js"></script>
var socket = io.connect('http://mydomain.com/');

once I modified it to this, it worked alright.

<script src="http://mydomain.com/socket.io/socket.io.js"></script>
var socket = io.connect('http://mydomain.com/');

And my server code is,

var express = require('express');
var app = express();
app.use(function(req, res, next) {
        res.header("Access-Control-Allow-Origin", "*");
        res.header("Access-Control-Allow-Headers", "X-Requested-With");
        res.header("Access-Control-Allow-Headers", "Content-Type");
        res.header("Access-Control-Allow-Methods", "PUT, GET, POST, DELETE, OPTIONS");
        next();
    });
var server = http.createServer(app);
io = socketio.listen(server, {log:false, origins:'*:*'});
... //io.connect and events below
avinashega picture avinashega on 2 Jun 2014
👎4 😕1

yo lo solvente asi:
1) npm install cors
2) var cors = require('cors');
3)app.use(cors());

shades3002 picture shades3002 on 25 Oct 2016
👎6

Pero esto no es muy seguro, tienes que specificar el domain. En este caso todo esabierto.

This is not very secure, you should specify the domain. In this case everything is open

zardoz picture zardoz on 8 Nov 2016

Claro pero eso lo configura uno de acuerdo a su necesidad https://www.npmjs.com/package/cors aqui aparece como configurar de manera personalizada. Saludos..

shades3002 picture shades3002 on 9 Nov 2016
👎5
Was this page helpful?
0 / 5 - 0 ratings

Related issues

karmac2015 picture karmac2015  路  3Comments
distracteddev picture distracteddev  路  3Comments
samccone picture samccone  路  3Comments
rudijs picture rudijs  路  4Comments
adammw picture adammw  路  4Comments