JS-301-NodeServer
  • Introduction
  • js_library
    • Node Server
      • 00 - Intro
        • 01 - Purpose
        • 02 - Back-End Setup
        • 03 - Terms Cheat Sheet
      • 01 - Server Set up
        • 01 - npm packages
        • 02 - Express Intro
        • 03 - Express code
      • 02 - Development Tools
        • 01 - Nodemon Intro
        • 02 - Postman Intro
        • 03 - Postman set up
      • 03 - Routes Intro
        • 01 - Routes intro
        • 02 - Express Router() intro
        • 03 - Challenge 1
        • 04 - Challenge 2
      • 04 - Database Intro
        • 00 - DB Intro and Set up
          • 00 - DB Intro
          • 01 - PostgreSQL Intro
          • 02 - Install
        • 01 - Sequelize Intro
          • 01 - Sequelize intro
          • 02 - Initialize
      • 05 - Model View Controller
        • 01 - MVC
          • 00 - MVC Intro
        • 02 - Models
          • 01 - Intro to Models
          • 02 - Test Model
        • 03 - Controllers
          • 00 - Controllers Intro
          • 01 - Controller Set up
          • 02 - Create Method
          • 03 - req.body()
          • 04 - Crafting the Response
          • 05 - Sending the Response
          • 06 - JSON Response
          • 07 - Error Handling
        • 04 - Conclusion
      • 06 - Tokenization
        • 01 - JWT Intro
          • 01 - JWT intro
        • 02 - User Create
          • 01 - User Create
          • 02 - Refactor
        • 03 - User Token
          • 01 - JWT Package
          • 02 - Adding JWT
          • 03 - ENV
      • 07 - Encryption
        • 01 - bcrypt
        • 02 - bcrypt setup
      • 08 - Session
        • 00 - Session Intro
        • 01 - Sign In Method
        • 02 - Sign In Bcrypt
        • 03 - Sign In JWT
      • 09 - Middleware
        • 01 - Test Client HTML
        • 02 - Test Client JS
        • 03 - Middleware intro
        • 04 - Headers intro
        • 05 - Server Update
        • 06 - Test Post
        • 07 - Test Post Refactor
        • 08 - Post Data
        • 09 - Fetch From One
      • 10 - Authenticated Routes
        • 01 - Intro to Authenticated Routes
        • 02 - Validate Session
        • 03 - Changes to app.js
        • 04 - authtestcontroller.js
        • 05 - Delete an Item
        • 06 - Update an Item
        • 07 - Postman Testing
      • 11 - Authenticated Requests
        • 00 - Additions to index
        • 01 - Anatomy of a Request
        • 02 - Create User
        • 03 - Getting a Token
        • 04 - Get Items From One User
        • 05 - Creating an Item for a User
        • 06 - Get one item
        • 07 - Update an Item
        • 08 - Deleting an Item
        • 09 - Deleting with a Custom Event
      • 12 - Workout Log Server
        • 00 - Intro
      • 13 - More Sequelize Functions
        • Migrations
          • 00 - Intro
          • 01 - init and config
          • 02 - Creating the First Migration
          • 03 - Running Migrations
          • 04 - Reverting Migrations
          • 05 - Seeds
          • 06 - Reverting Seeds
        • Queries
          • 00 - Intro
          • 01 - Queries
Powered by GitBook
On this page
  • Headers
  • Analysis
  • next()
  1. js_library
  2. Node Server
  3. 09 - Middleware

04 - Headers intro

Previous03 - Middleware introNext05 - Server Update

Last updated 7 years ago

In this module, we'll use Express to begin allowing CORS for client and server request/response cycle.

Headers

Headers are sent by the client along with the request. They contain special instructions for the server. For more information on headers and CORS, take a look at the . A word of caution: there is a lot of information packed into this page, and much of it focuses on things that we haven't covered yet. Take it slow and do your own research, too.

  1. Go into the server folder, create a new folder called middleware, and add the following files:

     └── 5-Express Server
         └── server
             └── controllers
             └── middleware
                 └── headers.js                
             └── models
         └── client

  2. Go into headers.js and add the following code:

    //1                        //2
module.exports = function(req, res, next){
 //3                    //4
 res.header('access-control-allow-origin', '*');
 res.header('access-control-allow-methods', 'GET, POST, PUT, DELETE'); //5
 res.header('access-control-allow-headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization'); //6
 //7
 next();
};

Analysis

  1. module.exports allows us to export this module to be used in another file.

  2. req refers to the request from the client, specifically focusing on any headers present on the request object. res refers to the response and will be used to present which types of headers are allowed by the server. next will be covered more in a moment.

  3. We call res.header so that the server will respond with what kind of headers are allowed in the request.

  4. We use the specific access-control-allow-origin header to tell the server the specific origin locations that are allowed to communicate with the server. The * is known as a wild-card. It means that everything is allowed. In this setting, it's saying that requests originating from any location are allowed to communicate with the database.

  5. These are the HTTP methods that the sever will allow to be used. Postman allows you to send 15 different HTTP requests; our server will only accept these four.

  6. These are specific header types that the server will accept from the client. Remember from our earlier testing we sent a Content-Type header to the server. Without this header, our request would not have worked. You can find more information on this and other headers on MDN, and we will talk about them more in the future as well.

  7. next sends the request along to its next destination. This could be the API endpoint or another middleware function designed to do something else. Let's talk a little bit more about next.

next()

next() tells the middleware to continue its process. With the above example, next() takes the request object and passes it on the endpoint on the server. Not including the next() would cause the application to break, as the server doesn't know what to do after sending the header. We could also use next() to provide additional headers if we want further restrictions on our server.

Mozilla docs