CORS Error while redirecting to external URL in Node js

Question

I have a node js application I have made the below configurations in my index.js file

const app = express();
var cors = require("cors");

app.use(cors({ credentials: true, origin: "*" }));

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  next();
});

In my API I am trying to redirect to an external URL like below

module.exports = async (req, res) => {
    try {
        let url = "https://externalurl.com";
        res.header("Access-Control-Allow-Origin", "*");
            res.redirect(encodeURI(url));
        res.header("Access-Control-Allow-Origin", "*");
            res.redirect(encodeURI(url));
    } catch (err) {
        return res.status(500).json({ msg: err });
    }
}
    

But it is giving me the below CORS error

How do I fix it? Please help

 Access to XMLHttpRequest at 'https://externalurl.com' (redirected from 'https://myapplication/apis/v1/login/loginAuthentication') from origin 'https://myapplication.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Answer 1

You can't trick a browser into treating B.com has having granted permission with CORS by making a request to a CORS-enabled A.com and then redirecting to B.com.

B.com has to explicitly grant permission itself.