
This is my first StackOverflow input, so please be gentle :p

I'm doing a web application with the MEAN stack, and I've run into a problem that I can't seem to fix. Tried several solutions that I've found online, but nothing seems to work. I have this Node/Express backend, that contacts Facebook, with a:

router.post('/login/facebook', passport.authenticate('facebook'));

And then receives a callback from Facebook on:

router.get('/login/facebook/callback',
    passport.authenticate('facebook', { failureRedirect: '/#' }),
    function (req, res) {
        console.log("in facebook return!");
        console.log(req.user);
    });

I can see in my console.log that the data I get back is what I expect! So far so good.. The problem is, that when I click my Facebook login-button, that calls my satellizer Facebook login:

    $scope.authenticate = function(provider) {
        $auth.authenticate(provider).then(function(res){
            console.log(res.data);
        });
    };

.. I get this message in my chrome console:

XMLHttpRequest cannot load https://www.facebook.com/dialog/oauth?response_type=code&redirect_uri=..... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:5000' is therefore not allowed access.

I guess there's something that I've overlooked, but I can't figure out what.. When I click the link it tries to redirect to, I get my info printed in my console in the terminal. But I can't get redirected, as it's not allowed, apparently..

Does anyone have an idea of what a solution could be? I've tried to put this into my server.app:

app.use(function (req, res, next) {
    res.header('Access-Control-Allow-Origin', '*');
    res.header('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE');
    res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization');
    next();
});

As I hoped I could get around the cross origin policy, but it didn't work either.

Any suggestions? :-)

Best regards!

Nicolai Harbo
  • is a preflight OPTIONS request being made? – danday74 Apr 13 '16 at 13:05
  • Can you specify a little please? :-) – Nicolai Harbo Apr 13 '16 at 13:23
  • you are doing a POST request, a CORS POST request will often initiate an OPTIONS request. The OPTIONS request is made to the server simply to check the relevant CORS headers exist before posting a lot of info. If they are not then the POST will not even happen. If making the post via a browser then check the NET tab to see if a POST request is being made. Either way, the correct CORS headers on your server will fix it. Failing that, there are some workarounds in Angular to prevent the OPTIONS request being made. – danday74 Apr 13 '16 at 13:40
  • I guess the post request is being made, I get the Facebook login-popup, but when I enter my email and password, and it has to redirect me, it's failing (I get status code 302 in my terminal).. In my header of the request there's the following: – Nicolai Harbo Apr 13 '16 at 13:47
  • Response Headers view source Access-Control-Allow-Headers:Content-Type, Authorization Access-Control-Allow-Methods:GET, PUT, POST, DELETE Access-Control-Allow-Origin:* Connection:keep-alive Content-Length:0 Date:Wed, 13 Apr 2016 13:44:23 GMT Location:https://www.facebook.com/dialog/oauth?response_type=code&redirect_uri=http%..... X-Content-Type-Options:nosniff X-Download-Options:noopen X-Frame-Options:SAMEORIGIN X-XSS-Protection:1; mode=block – Nicolai Harbo Apr 13 '16 at 13:50
  • Request Headers view source Accept:application/json, text/plain, */* Accept-Encoding:gzip, deflate Accept-Language:en-US,en;q=0.8,da;q=0.6 Authorization: ..heres a token Connection:keep-alive Content-Length:75 Content-Type:application/json;charset=UTF-8 Cookie: Heres a cookisession.sig=5qkdxXNMZLJ7dgd_bhSJUQsRjgM Host:localhost:5000 Origin:http://localhost:5000 Referer:http://localhost:5000/ User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36 – Nicolai Harbo Apr 13 '16 at 13:50
  • wow, that was a mess.. sorry about that :P Anyway, the POST request is being made, but I guess the redirect fails because of something missing in the header – Nicolai Harbo Apr 13 '16 at 13:51
  • you've got some headers such as X-Frame-Options:SAMEORIGIN ... research these headers as they can prevent x-domain requests when using iframes, etc – danday74 Apr 13 '16 at 14:15

0 Answers
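
Why the `Access-Control-Allow-Origin: *` middleware has no effect on the console error quoted in the question, as an added example that is not part of the original thread: a simplified model of the browser's per-hop CORS check when an XHR follows the 302 to facebook.com. The function names, the `PLACEHOLDER` redirect_uri and the 200 status of the Facebook response are assumptions; the headers are constructed from those posted in the comments.

```javascript
// Simplified model: a same-origin XHR whose redirect chain leaves the page's origin.
// Helper names are hypothetical; this is not browser or Satellizer code.
function originOf(url) {
  return new URL(url).origin;
}

// True when a cross-origin response may be exposed to a script running on pageOrigin.
function corsAllows(headers, pageOrigin, withCredentials) {
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) return false;
  if (acao === '*') return !withCredentials; // wildcard is refused for credentialed requests
  return acao === pageOrigin;
}

// Walks the redirect chain; each cross-origin hop must pass the check on its own headers.
function followXhr(pageOrigin, startUrl, responses, withCredentials = false) {
  let url = startUrl;
  for (let hop = 0; hop < 20; hop++) {
    const res = responses[url];
    if (!res) return { ok: false, blockedAt: url, reason: 'no response' };
    const crossOrigin = originOf(url) !== pageOrigin;
    if (crossOrigin && !corsAllows(res.headers, pageOrigin, withCredentials)) {
      return { ok: false, blockedAt: url, reason: 'no usable Access-Control-Allow-Origin' };
    }
    if (res.status >= 300 && res.status < 400 && res.headers.location) {
      url = new URL(res.headers.location, url).href; // the XHR follows the 302 itself
      continue;
    }
    return { ok: true, finalUrl: url };
  }
  return { ok: false, blockedAt: url, reason: 'too many redirects' };
}

// Constructed sample data based on the thread; redirect_uri is a placeholder.
const PAGE = 'http://localhost:5000';
const FB = 'https://www.facebook.com/dialog/oauth?response_type=code&redirect_uri=PLACEHOLDER';
const responses = {
  [PAGE + '/login/facebook']: {
    status: 302, // same-origin hop: its CORS headers are never consulted
    headers: { 'access-control-allow-origin': '*', location: FB },
  },
  [FB]: { status: 200, headers: {} }, // no CORS headers, as the console error reports
};

function demo() {
  return followXhr(PAGE, PAGE + '/login/facebook', responses);
}
console.log(demo());
```

The hop that is blocked is the one served by facebook.com, whose response headers the Express app does not control.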