i have app on heroku @ http://random-name.herokuapp.com sends emails mandrill. however, regardless of whether i'm running app locally @ localhost:5000
or remotely on heroku, throw following error when trying send emails:
xmlhttprequest cannot load https://mandrillapp.com/api/1.0/messages/send.json. response preflight request doesn't pass access control check: wildcard '*' cannot used in 'access-control-allow-origin' header when credentials flag true. origin 'http://random-name.herokuapp.com' therefore not allowed access.
there's lot of documentation on stack overflow error (see cors: cannot use wildcard in access-control-allow-origin when credentials flag true), , consequently, set express headers following:
app.use(function(req, res, next) { res.header("access-control-allow-origin", "http://localhost:5000 http://random-name.herokuapp.com"); res.header('access-control-allow-credentials', true); res.header("access-control-allow-methods", "get, post, put, delete, options"); res.header("access-control-allow-headers", "origin, x-requested-with, content-type, accept"); next(); });
however, doesn't seem solve issue. couldn't find useful in mandrill's documentation either. i'm guessing i'm specifying headers incorrectly, or perhaps aren't being used. ideas?
access-control-allow-origin
takes single value, not space separated list.
you need return whatever client sends in origin
request header (test make sure acceptable origin first though!).
Comments
Post a Comment