HTTP Response Node CORS Header Problem

I'm currently using the HTTP-in node which is set to accept a POST request which is working fine. However I am then trying to use the HTTP-response node to send back data.

The problem I'm facing is that even though I have added Access-Control-Allow-Origin: * header to the response my browser is still stating that "CORS header ‘Access-Control-Allow-Origin’ missing".

What am I missing?

Node-red flow:

[{"id":"4f207f6e0c1f8f73","type":"tab","label":"Flow 1","disabled":false,"info":"","env":[]},{"id":"0c75203ff1c6e073","type":"http in","z":"4f207f6e0c1f8f73","name":"/sentiment POST","url":"/sentiment","method":"post","upload":false,"swaggerDoc":"","x":180,"y":260,"wires":[["ed969497ee72ebbe"]]},{"id":"ed969497ee72ebbe","type":"sentiment","z":"4f207f6e0c1f8f73","name":"sentiment analysis","property":"payload.body","x":393,"y":117,"wires":[["c1fefb75bbc7d877"]],"l":false},{"id":"c1fefb75bbc7d877","type":"function","z":"4f207f6e0c1f8f73","name":"","func":"msg.payload = {\n    email :,\n    sentiment : msg.sentiment.score\n}\nreturn msg;","outputs":1,"noerr":0,"initialize":"","finalize":"","libs":[],"x":514,"y":238,"wires":[["dabe0ecc0e05408c"]],"l":false},{"id":"dabe0ecc0e05408c","type":"http response","z":"4f207f6e0c1f8f73","name":"","statusCode":"","headers":{"Access-Control-Allow-Origin":"*","Access-Control-Allow-Methods":"POST"},"x":684,"y":323,"wires":[],"l":false}]

can you share a demo flow that demonstrates your issue?

Also, do you access the http endpoint directly (as in: the URL you enter in the browser is the node-red endpoint) OR are you accessing content from node-red endpoint via a HTML tag inside a page served from some other webserver?

The former. Just some more information for you: I'm trying to create a Thunderbird (email client) add-on - so I'm attempting to access the endpoint URL from within email client. I should note that my HTTPS endpoint is located on the cloud - that is, my node-red editor is deployed on the cloud.

Then it may be your cloud provider inhibiting the access.

However, you could try setting cors in the settings.js to minimum level then tweak it to secure it up as best as possible based on your apps requirements,

    // The following property can be used to configure cross-origin resource sharing
    // in the HTTP nodes.
    // See for
    // details on its contents. The following is a basic permissive set of options:
    httpStaticCors: {
        origin: "*",

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.