abbr / NodeSSPI

Server-side windows authentication for Node.js
MIT License

Using SSPI for domain auth, returning 401 #65

Closed Gmunker closed 5 years ago

Gmunker commented 5 years ago

Sorry if I missed a previous post about this, I did search and didn't see an answer.

I am in the process of making my intranet site with ReactJS and using nodeSSPI to grab the groups. I have an express server with a modified route of the example code, so that instead of returning the HTML response, it returns an object that contains the user name and groups. When I try and fetch the data from my front-end, though, I'm getting a 401.

(I am no expert with express, I know the basics.) I have used express-generator for my express server (3001), and my front-end is create-react-app (3000). I am not getting a CORS error, just a 401.

You can find the basic recreation of the issue at: https://github.com/Gmunker/fetcherror

abbr commented 5 years ago

Do you get 401 if you hit express server directly in browser?

Gmunker commented 5 years ago

No, it displays the JSON fine.

Gmunker commented 5 years ago

So any suggestions? Tests I can see where the fail is happening?

abbr commented 5 years ago

I don't think this is a NodeSSPI issue since you can access the express api endpoint directly. It is more likely to be a combination of CORS and NTLM. Google with these 2 terms. Some people suggest that setting the withCredentials option to true fixes the problem.

$http.get(url, { withCredentials: true });

Given that, I'll close the ticket for now.

Tumblefox commented 11 months ago

Encountered this recently and it wasn't an issue with NodeSSPI, but hopefully this added context helps someone. To add to what @abbr mentioned, setting the headers in my function after setting the option withCredentials = true solved the issue.

Before res.send in my function, I added this:

res.header('Access-Control-Allow-Origin', FRONTEND_ORIGIN);
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

With FRONTEND_ORIGIN being my exact origin URL instead of '*'. Using a wildcard may not be allowed in this case as discussed here: https://stackoverflow.com/questions/19743396/cors-cannot-use-wildcard-in-access-control-allow-origin-when-credentials-flag-i
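The two fixes above (abbr's withCredentials hint and Tumblefox's exact-origin headers) fit together into one small middleware, written here as an added example that is not part of the NodeSSPI project or of either commenter's code. It assumes a hypothetical allow-list of front-end origins (the create-react-app dev server from the thread is used as a constructed sample) and the usual (req, res, next) middleware shape, which works with Express or plain node:http. Two points it makes explicit: the allowed origin is looked up in an allow-list and echoed back, never reflected from an arbitrary Origin header (reflecting any origin together with Allow-Credentials: true would let any site read the logged-in user's groups), and the OPTIONS preflight is answered before any authentication middleware runs, because browsers send preflights without credentials, so an SSPI 401 on the preflight makes the real request never happen.

```javascript
// Added example: CORS for a credentialed (NTLM/Negotiate) cross-origin fetch.
// Not code from the NodeSSPI project. ALLOWED_ORIGINS is a hypothetical allow-list.
const ALLOWED_ORIGINS = new Set([
  'http://localhost:3000', // constructed sample: the create-react-app dev server
]);

// Pure function: compute the CORS response headers for a request's Origin.
// Returns null when the origin is not allow-listed, so no CORS headers are sent
// at all and the browser refuses the cross-origin read.
function buildCorsHeaders(requestOrigin, allowedOrigins = ALLOWED_ORIGINS) {
  if (typeof requestOrigin !== 'string' || !allowedOrigins.has(requestOrigin)) {
    return null;
  }
  return {
    // Must be the exact origin: browsers reject '*' when credentials are allowed.
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Methods': 'GET,PUT,POST,DELETE',
    'Access-Control-Allow-Headers': 'Origin, X-Requested-With, Content-Type, Accept',
    // The response depends on Origin, so shared caches must key on it.
    'Vary': 'Origin',
  };
}

// Middleware: register it BEFORE the NodeSSPI middleware, e.g.
//   app.use(corsWithCredentials); app.use(sspiAuth); ...
// so the preflight is answered here without ever reaching the 401 challenge.
function corsWithCredentials(req, res, next) {
  const headers = buildCorsHeaders(req.headers.origin);
  if (headers) {
    for (const [name, value] of Object.entries(headers)) {
      res.setHeader(name, value);
    }
  }
  if (req.method === 'OPTIONS') {
    // Preflight: 204 for an allowed origin, 403 otherwise; never call next().
    res.statusCode = headers ? 204 : 403;
    res.end();
    return;
  }
  next();
}

// Offline harness with constructed req/res objects, so the middleware can be
// exercised without starting a server or a browser.
function simulate(method, origin) {
  const req = { method, headers: origin ? { origin } : {} };
  const res = {
    statusCode: 200,
    headers: {},
    ended: false,
    setHeader(name, value) { this.headers[name] = value; },
    end() { this.ended = true; },
  };
  let nextCalled = false;
  corsWithCredentials(req, res, () => { nextCalled = true; });
  return { status: res.statusCode, headers: res.headers, ended: res.ended, nextCalled };
}
```

On the client side the request must opt in too, e.g. fetch(url, { credentials: 'include' }) (or withCredentials: true with $http/axios); without that the browser never sends the NTLM handshake cross-origin and the 401 from the thread is the expected result.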