I’ve been unsuccessfully trying to allow my back-end app which returns a JSONP as a response to the ‘./poem’ path for a while. I tried using setHeader() s mentioned on stackoverflow in a middleware function but to no avail. Every attempt has failed and I always get a message like this on the console:
Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘null’ is therefore not allowed access.
While I can certainly render my app on the server or use a same origin request (which I’m doing right now), I’d like the API to be used on other websites too, like CodePen.
Could someone with experience with Express and node please point me in the right direction?
Here’s the code on Github: https://github.com/imtoobose/terriblepoems
Here’s the live app on Heroku: https://really-awful-poems.herokuapp.com/
Route for JSONP: https://really-awful-poems.herokuapp.com/poem
It’s a bit buggy, but I would like to solve this issue asap. I’ve just started with the back end, so I apologize if this is a really obvious mistake. Also I am aware the source code doesn’t contain the setHeader functions for CORS anymore. Removing or adding them didn’t affect the outcome.
Thanks to anyone who looks at it.
EDIT: I’m using Mashape to overcome this problem, but I still have no idea how I would do this without it.