I have an express server that allows the front end to get information from the database it works fine. Cors is set up with the front end whitelisted but, trying to get an image (that has already been uploaded and saved) comes back with nothing except a 500 error. I tried disabling cors and it worked fine but any origin can do things which is not what I wanted for this website. Im using apache with the proxy and proxy_http mod enabled so it can access the express js server running on pm2. code on server js:

const whiteList=['domain.com'];
const corsOptions = {
  origin:function(origin, callback){
    if(whiteList.indexOf(origin) !== -1){
      callback(null, true);
    } else{
      callback(new Error('Not allowed by CORS'));
    }
  }
}
app.use(cors(corsOptions));

I have even tried setting up cors headers in apache but it doesn't work as it still lets in origins not listes.

CodePudding user response：

So I was able to fix this by doing this instead:

app.use(cors({origin: "https://example.com", allowedHeaders: ["Authorization", "Content-Type"]}));

The issue that actually found was that the server was not sending back all the cors headers including: Access-Control-Allow-Headers which was stuffing up everything.

It seems to be possibly a bug with cors package with having it's parameters in their own object managed to mess up what the server returned so for now its going to have to look a little bit ugly.

I did even followed what the cors documentation said but, that lead to even more problems weirdly.