Add CORS Access-Control-Allow-Origin Header
Hello currently the Access-Control-Allow-Origin is not set in the response, therefore every modern browser is rejecting the requests.
curl -k https://aeon-dev.atosresearch.eu:3000/subscribe/config -H "Origin: http://localhost:4200" -v
* Hostname was NOT found in DNS cache
* Trying 95.211.12.13...
* Connected to aeon-dev.atosresearch.eu (95.211.12.13) port 3000 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
* subject: CN=*.atosresearch.eu
* start date: 2017-05-16 00:00:00 GMT
* expire date: 2020-05-15 23:59:59 GMT
* issuer: C=US; O=GeoTrust Inc.; CN=RapidSSL SHA256 CA
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET /subscribe/config HTTP/1.1
> User-Agent: curl/7.35.0
> Host: aeon-dev.atosresearch.eu:3000
> Accept: */*
> Origin: http://localhost:4200
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Access-Control-Allow-Methods: GET,PUT,POST,DELETE, OPTIONS
< Access-Control-Allow-Headers: Content-Type, Authorization, X-HTTP-Method-Override, X-Requested-With
< Access-Control-Max-Age: 1800
< Access-Control-Allow-Credentials: true
< Content-Type: application/json; charset=utf-8
< Content-Length: 93
< ETag: W/"5d-NOXJxb6hUidNkZrjrN1NhiCQU7o"
< set-cookie: connect.sid=s%3Au1hL8NTcmnKc30Hem1JCqjk8bAyu53TF.%2FnriBTBgOaS9zhtgW9Zby4AQux5b78qg9hzvksJfclI; Path=/; HttpOnly
< Date: Wed, 15 Nov 2017 08:53:52 GMT
<
on the Prod (aeon.atosresearch.eu) it is derived using the origin header:
curl http://aeon.atosresearch.eu:3000/subscribe/config -H "Origin: http://localhost:4200" -v
* Hostname was NOT found in DNS cache
* Trying 130.206.113.59...
* Connected to aeon.atosresearch.eu (130.206.113.59) port 3000 (#0)
> GET /subscribe/config HTTP/1.1
> User-Agent: curl/7.35.0
> Host: aeon.atosresearch.eu:3000
> Accept: */*
> Origin: http://localhost:4200
>
< HTTP/1.1 200 OK
< X-Powered-By: Express
< Access-Control-Allow-Origin: http://localhost:4200
< Access-Control-Allow-Methods: GET,PUT,POST,DELETE, OPTIONS
< Access-Control-Allow-Headers: Content-Type, Authorization, X-HTTP-Method-Override, X-Requested-With
< Access-Control-Max-Age: 1800
< Access-Control-Allow-Credentials: true
< Connection: close
< Content-Type: application/json; charset=utf-8
< Content-Length: 122
< Set-Cookie: aeon.sid=s%3AQCpjfpKEORRkvozRucS6QcbU.bG8LA4bCtcotKE2jtCNi6vtVaxxj0PW3mA7BMjocGBk; Path=/
< Date: Wed, 15 Nov 2017 08:53:01 GMT