I am creating a feature for my website where people can live chat with me. In order to do this, I built the regular part of the site with php and apache, and the chat server with node.js (using socket.io and express). When people go to our site, there is a little bar that slides out from the side if they want to chat with me (in the same window, not a popup). With the chat server running, I see the client trying to connect:
info - socket.io started
Express server listening on port 8000 in development mode
debug - client authorized
info - handshake authorized 776963641537662118
It doesn't go any further, trying to connect via websockets or XHR, and I get the following error on the client side in the console:
XMLHttpRequest cannot load http://wundertutor.com:8000/socket.io/1/?t=1356208544112. Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
Also, I have this in my .htaccess file:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
unless you want other domains to be able to access the content being affected by that mod_headers.c, then restrict access control to you domain like this:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin http://wundertutor.com/
</IfModule>
i.e. removing the wildcard "*" that the error is complaining about.
I realize that it's been a long time since this question was asked, but you might want to try having your node application also allow for CORS. You can do this with the following:
io.set('origins', 'http://example.com:80');
Where example.com is where the request is coming from. This is what I did on my app and it allowed for CORS requests.