Click here to Skip to main content
15,446,232 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Below is my app.js code.
import bodyParser from 'body-parser';
import cors from 'cors';
import requestIp from 'request-ip';
import os from 'os';
import { AppRoutes, AuthRoutes } from './routes';


const app = express();
app.use(cors());
app.disable('x-powered-by');
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: false }));
app.use((req, res, next)=> {
  const clientIp = requestIp.getClientIp(req);
  logger.debug(JSON.stringify(req.socket.address()));
  logger.debug(`incoming IP ${clientIp}`);
  next();
});


// Api Routes.
app.use('/api/login', AppRoutes);
app.use('/api', verifyToken, AuthRoutes);


export default app;


Below is my index.js code. Below code is working fine for GET and POST but its not working for PUT. Its giving an error.

Quote:
You don't have permission to access /api/save-user-profile/{user-name}.


import {
  getCustomersbyId
} from './controller/customer-controller';
import { Login } from './controller/login';
import {
  modelEdit,
  saveProfile
} from './controller/extension';

const AuthRoutes = Router();
const AppRoutes = Router();

AuthRoutes.get('/customers/', getCustomersbyId);
AuthRoutes.post('/model-entity-links/info', modelEdit);
AuthRoutes.put('/save-user-profile/:username', saveProfile);
AppRoutes.post('/', Login);

export { AuthRoutes, AppRoutes };


What I have tried:

I Have tried below code but still same issue.

app.use(function(req, res, next) {
       res.header("Access-Control-Allow-Origin", "*");
       res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
       res.header('Access-Control-Allow-Methods', 'PUT, POST, GET, DELETE, OPTIONS');
          next();
    });
Posted
Updated 4-Mar-20 23:50pm
v2
Comments
Kris Lantz 4-Mar-20 13:17pm    
When your app contacts the server, how does the server resolve who is making the request?
Telstra 5-Mar-20 5:44am    
we are sending an auth token in header which will determine the valid requester. I am not getting how GET and POST is working and not PUT.
Kris Lantz 5-Mar-20 8:47am    
and the token is bound to an account type, correct? i.e. general user
Telstra 5-Mar-20 8:53am    
Problem is I can do PUT request in locally. But when I am deploying it to Linux server it is giving me access issue. Do we need to do anything diff on Linux server to perform PUT?
Kris Lantz 5-Mar-20 9:12am     CRLF
I'm not sure of differences in local, but during development with django, our API requests had to be authenticated, and permissions were bound to accounts. General users could post/get, but only admins had access to delete/put. Some resource on that server should be managing that, because you would not want delete/put exposed to and usable by everyone. The error is mentioning it's a permission issue, so I would investigate how those are handled.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900