+ Node.js Cross-Origin Request Blocked

Simple Server-Side Fix

❗ DO NOT USE “socketio” package… use “” instead. “socketio” is out of date. Some users seem to be using the wrong package.

❗ SECURITY WARNING: Setting origin * opens up the ability for phishing sites to imitate the look and feel of your site and then have it work just the same while grifting user info. If you set the origin, you can make their job harder, not easier. Also looking into using a CSRF token as well would be a great idea. v3


cors options:

const io = require('')(server, {
  cors: {
    origin: '*',
}); < v3

const io = require('')(server, { origins: '*:*'});


io.set('origins', '*:*');

or'*:*') // for latest version

* alone doesn’t work which took me down rabbit holes.

Leave a Comment