CORS error coming on hosting my app on AWS

Question

I am trying to deploy my app on AWS, but I am stuck on a CORS error. My localhost Node server is on 5000 and React server on 3000. Here is what I have done in Nginx config :

cd /etc/nginx/sites-available 
sudo vim appName

    server {
    listen 80;
    location / {
        proxy_pass http://{{PRIVATE IP FROM EC2 INSTANCE}}:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

I also tried to add this config:

add_header Access-Control-Allow-Origin *;

But that also didn't work out.

Here is my cors code in server.js :

if (process.env.NODE_ENV === 'production') {
app.use(cors({
    origin: process.env.CLIENT_URL
}))
app.use(morgan('dev'))
}


app.use(function(req, res, next) {
res.setHeader("Access-Control-Allow-Credentials", true);
res.setHeader("Access-Control-Allow-Origin", "*");
res.setHeader('X-Frame-Options', 'sameorigin');
res.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, multipart/form-data");
res.setHeader("Access-Control-Allow-Methods", "HEAD,GET,POST,DELETE,OPTIONS,PUT");
next();
});

Here is the error which is coming on requesting anything from front end on Nginx :

Access to XMLHttpRequest at 'http://localhost:5000/api/address' from origin 'http://ip' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space local.

Answer 1

I assume you're using express, so you can just use cors.js for this

To install:

npm i cors

Usage:

var express = require('express')
var cors = require('cors')
var app = express()
 
app.use(cors())