I have an express.js server which is interfacing with passport for Twitter login. Everything works when I test the route from a page served by the express app, but I'm trying to use this server to interface with a phonegap application.
When I call the server's login route (http://localhost:3000/auth/twitter) from a completely separate client side app, I keep getting this error:
XMLHttpRequest cannot load https://api.twitter.com/oauth/authenticate?oauth_token=***************************. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.
I believe I'm implementing a correct CORs middleware, since I can call other server routes no problem:
app.use(function(req, res, next) {
res.header('Access-Control-Allow-Credentials', true);
res.header('Access-Control-Allow-Origin', req.headers.origin);
res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE');
res.header('Access-Control-Allow-Headers', 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept');
next();
});
Any ideas? Does this have something to do with a Twitter specific issue?