1👍
✅
The cross-origin request blocked error is not caused by the your server configuration but by Google’s server configuration. Your server tries to redirect the client to Google’s login page. For security reasons, browsers do not always allow these kinds of cross origin redirects (otherwise you could always get around CSRF protection by adding a redirecting endpoint page on your own domain). To fix the problem, you can use an actual html link to http://localhost:3000/user/google/, like so:
<a href="http://localhost:3000/user/google/">Google+</a>`
0👍
You can add cors headers through response headers in middleware:
app.use(function(req, res, next) {
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');
next();
});
Source:stackexchange.com