1
I have an API and I’m trying to connect with an online store but every time I try to perform a POST is returned an OPTIONS. I decided to use JWT to authenticate orders and avoid OPTIONS but without success.
app.post('/auth', function(req,res){
var username = 114881;
var token = jwt.sign(username, app.get('superSecret'), { expiresInMinutes: 60});
res.send(token);
}
Returns the following error:
POST /auth 500 0.650 ms - 2086
Error: "expiresInMinutes" is not allowed in "options"
I have tried everything that can be tried but all without success, with CORS, setHEADERS, etc...
Has anyone ever had the same problem?
The "verb" in
OPTIONSis generated because of CORS. CORS is not something you put or remove, CORS is the HTTP Access Control, it occurs when it is in a URL and tries to access a different domain, there is no escape from it, it exists for security. Jwt has nothing to do with this.– Guilherme Nascimento
Dear friend, if authenticating the POST with JWT we no longer have OPTIONS right? That’s what I’m trying to do..
– Jean-Pierre Carvalho
JWT has nothing to do with OPTIONS, that is, one thing does not affect the other, OPTIONS occurs because of CORS and only because of this... The HTTP OPTIONS method is used so that a client can find out what request options are allowed for a given resource on a server. The client can specify a specific URL in the OPTIONS method or an asterisk(*) indicating that it refers to the server as a whole to resolve its doubts regarding the allowed request options. It occurs precisely because your client-side application does such checking...
– Guilherme Nascimento
... then you have to create a route in express with OPTIONS and set the permissions via HEADER, PS: it is possible to also use this route to check the Jwt, of course this is optional.
– Guilherme Nascimento