Forbit CORS request in node.js

325
March 16, 2017, at 00:35 AM

I have a nodejs Express app which serves a static front-end app. I have an endpoint that I'd like to prevent the access from all the others domains.

One solution could be using CRSF but I'd prefer avoiding this. Is there a simple way?

My app is very simple:

app.use(express.static(path.join(__dirname, '/dist')));
app.use(bodyParser.json());
app.post('/endpoint', (req, res) => {
    res.send();
});
app.listen(process.env.PORT || 8080);
Answer 1

Does the domain have a static IP? You could add your domains IP to a whitelist blocking access to your endpoint from all IP's bar your own:

express-ipfilter

If you don't have a static IP so that you can block requests you could start by configuring CORS with the Access-Control-Allow-Origin header set to your domain. This will block cross origin access from the browser but isn't a complete fix for what you want.

Configuring CORS

READ ALSO
Loopback can't fetch data with self through relation

Loopback can't fetch data with self through relation

Member model based on User model

283
Play MP4 videos in Node WebKit

Play MP4 videos in Node WebKit

I'm using nodebob for making a nodewebkit (nwjs) desktop app, but the MP4 videos wouldn't play in it

394
nested for loop in node js with asynchronous

nested for loop in node js with asynchronous

I have userCurrentContainer = [[],[{"1":"xyz"},{"2":"abc"}],[{"1":"xyz"}],[]]

352
Get stream path data into a div

Get stream path data into a div

So, I have a stream of data in the form of a ton of strings from a node server sending to localhost:8080/path-name/ and I have my HTML at the rootUltimately I have other streams of data sending to other path names, so I may have a localhost:8080/other-path-name/...

403