CORS on Meteor

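To add CORS authorization to a Meteor application, use the webapp package's WebApp.connectHandlers to customize HTTP headers. The examples below use WebApp.rawConnectHandlers, which works the same way but runs its handlers before any other Meteor handlers.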

For Meteor APIs to work, the client will typically need to send requests with an "Authorization" header and a "Content-Type: application/json" header. The server must allow both with an "Access-Control-Allow-Headers" response header, as shown below:

// Listen to incoming HTTP requests, can only be used on the server
WebApp.rawConnectHandlers.use(function(req, res, next) {
  res.setHeader("Access-Control-Allow-Origin", "*");
  res.setHeader("Access-Control-Allow-Headers", "Authorization,Content-Type");
  return next();
});

Use the optional path argument to only call the handler for paths that match a specified string.

// Listen to incoming HTTP requests, can only be used on the server
WebApp.rawConnectHandlers.use("/public", function(req, res, next) {
  res.setHeader("Access-Control-Allow-Origin", "*");
  return next();
});
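
The handlers above answer every origin with "*". Where only known front ends should read API responses, the same hook can echo the request's Origin only when it is on an allowlist. This is an added example, not code from the original page or from Meteor; makeCorsHandler, ALLOWED_ORIGINS, the example.com origins and the method list are assumptions made for illustration.

```javascript
// Added example: origin allowlist instead of "*".
// Constructed placeholder origins; replace with your own front ends.
const ALLOWED_ORIGINS = ["https://app.example.com", "https://admin.example.com"];

// Hypothetical helper: returns a connect-style handler (req, res, next).
function makeCorsHandler(allowedOrigins) {
  const allowed = new Set(allowedOrigins);
  return function corsHandler(req, res, next) {
    const origin = req.headers.origin;
    // Exact string match only: no substring or regex tests, so a
    // lookalike such as "https://app.example.com.attacker.test" fails.
    const ok = typeof origin === "string" && allowed.has(origin);

    // The response now depends on Origin, so caches must key on it.
    res.setHeader("Vary", "Origin");
    if (ok) {
      res.setHeader("Access-Control-Allow-Origin", origin);
      res.setHeader("Access-Control-Allow-Headers", "Authorization,Content-Type");
    }

    // Answer CORS preflights here instead of passing them to the app.
    if (req.method === "OPTIONS" && req.headers["access-control-request-method"]) {
      if (ok) {
        // Assumed method list; match it to what the API actually serves.
        res.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE");
      }
      res.statusCode = ok ? 204 : 403;
      res.end();
      return;
    }
    return next();
  };
}

// Register only when running inside Meteor (server side).
if (typeof WebApp !== "undefined") {
  WebApp.rawConnectHandlers.use(makeCorsHandler(ALLOWED_ORIGINS));
}
```

Requests from unlisted origins still reach the application; they simply get no Access-Control-Allow-Origin header, so the browser refuses to expose the response to the calling page.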

Who’s behind this

Monsur Hossain and Michael Hausenblas
