Send additional http headers with Express.JS


Question

I have a few static pages served with Express.JS. The setup is easy:

var app = express();

app.configure(function(){
  app.use(express.static(path.join(application_root, "StaticPages")));
  app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});

I want the response to include an addittional http header (Access-Control-Allow-Origin:*). Where should it be placed? I tried the below sample, but of course the header appears only on the default page:

app.get('/', function(req, res){
  res.setHeader("Access-Control-Allow-Origin", "*");
  res.send('Hello World');
});

Thanks.

1
36
1/5/2013 12:42:55 PM

Accepted Answer

I tried the below sample, but of course the header appears only on the default page

Yes, that is because you defined it just for the GET / route and not for the other paths. You should use a middleware instead.

If you wish to set the header for all requests:

app.configure(function(){
  app.use(function(req, res, next) {
    res.setHeader("Access-Control-Allow-Origin", "*");
    return next();
  });
  app.use(express.static(path.join(application_root, "StaticPages")));
  app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});

If you just want to do it for the static folders, there is no general method. You can probably change the express.static(which comes from connect.static). Another way to do it is to match urls and set the header if the url is matched.

app.configure(function(){
  app.use(function(req, res, next) {
    var matchUrl = '/StaticFolder';
    if(req.url.substring(0, matchUrl.length) === matchUrl) {
      res.setHeader("Access-Control-Allow-Origin", "*");
    }
    return next();
  });
  app.use(express.static(path.join(application_root, "StaticPages")));
  app.use(express.errorHandler({ dumpExceptions: true, showStack: true }));
});

NOTE: that the middleware need to be before the routes to make effect, in other words you can't put the middleware after the static middleware.

52
1/5/2013 1:55:45 PM

Another way :

app.use(express.static(
    path.join(application_root, "StaticPages"),
    {
        setHeaders: (res) => {
            res.setHeader('Access-Control-Allow-Origin', '*')
        }
    }
))

Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Icon