-
Notifications
You must be signed in to change notification settings - Fork 99
/
server_meteor.html
34 lines (29 loc) · 1.34 KB
/
server_meteor.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
---
layout: default
title: enable cross-origin resource sharing
---
<div class="container">
<section>
<h1>CORS on Meteor</h1>
<p>
To add CORS authorization to a <a href="http://www.meteor.com">Meteor</a> application, use the <a href="http://docs.meteor.com/#/full/webapp">webapp</a> package's <code>WebApp.connectHandlers</code> to customize HTTP headers.
</p>
<p>
In order for Meteor APIs to work, the client will typically need to send requests with an "Authorization" header, and to request "Content-type: application/json". The server will need to allow these with an "Access-Control-Allow-Headers" header, as shown below:
</p>
<pre class="code">// Listen to incoming HTTP requests, can only be used on the server
WebApp.rawConnectHandlers.use(function(req, res, next) {
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader("Access-Control-Allow-Headers", "Authorization,Content-Type");
return next();
});</pre>
<p>
Use the optional <code>path</code> argument to only call the handler for paths that match a specified string.
</p>
<pre class="code">// Listen to incoming HTTP requests, can only be used on the server
WebApp.rawConnectHandlers.use("/public", function(req, res, next) {
res.setHeader("Access-Control-Allow-Origin", "*");
return next();
});</pre>
</section>
</div>