angular - 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include' - TagMerge
2'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include''Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'

'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'

Asked 1 years ago
0
2 answers

Try using following configuration:

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Credentials", true);
  res.header("Access-Control-Allow-Origin", req.headers.origin);
  res.header("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");
  res.header(
    "Access-Control-Allow-Headers",
    "X-Requested-With, X-HTTP-Method-Override, Content-Type, Accept"
  );
  if ("OPTIONS" == req.method) {
    res.send(200);
  } else {
    next();
  }
});

Source: link

0

or If you are using CORS middleware and you want to send withCredentials boolean true (for example sending responses with set-cookie headers) , you can configure CORS like this:

const corsOptions = {
  origin: ["http://localhost:3000"],
 //update: or "origin: true," if you don't wanna add a specific one
  credentials: true,
};
app.use(cors(corsOptions));
  • for using credentials app.use(corse()) won't work, you should specify your specific origin(s) in corsOptions.

it is (somehow) equal to setting the response headers like this:

app.all("*", function (req, res, next) {
  res.header("Access-Control-Allow-Origin", "http://localhost:3000");
  res.header("Access-Control-Allow-Credentials", true);
  res.header("Access-Control-Allow-Methods", "PUT, GET, POST, DELETE, OPTIONS");
  res.header("Access-Control-Allow-Headers", "Content-Type");
  next();
});

Source: link

Questions related to ''Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include''

'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'
No 'Access-Control-Allow-Origin' header is present on the requested resource - VueJS
Issue: No 'Access-Control-Allow-Origin' header is present on the requested resource
react-admin No 'Access-Control-Allow-Origin' header is present on the requested resource
React component has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
No 'Access-Control-Allow-Origin' header is present on the requested resource. I get when try to get data from Spring Data REST
CORS: The 'Access-Control-Allow-Origin' header has a value 'http://localhost:3000' that is not equal to the supplied origin
How to solve 'Redirect has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header'?
XMLHttpRequest cannot load XXX No 'Access-Control-Allow-Origin' header
Blocked by CORS policy: No 'Access-Control-Allow-Origin'. The backend has set the relevant header or the same
'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin'
How can I only allow a specific origin to access content from Cloudfront/S3 Origins when requested via iFrame?
Cross Origin Problem with Flask Api (Access-Control-Allow-Origin)
CORS: credentials mode is 'include'
Access-Control-Allow-Origin (Laravel & Vue) CORS CORB error on localhost
Has been blocked by CORS policy: Response to preflight request doesn’t pass access control check
request-promise loop, how to include request data sent with response?
How to map an response when It's array and when It's not?
Why can't I access the User's uid from the bloc's state in this example?

Recent Questions on angular

    Programming Languages