GithubHelp home page GithubHelp logo

A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. about serverless-cors-plugin HOT 4 CLOSED

joostfarla avatar joostfarla commented on July 23, 2024
A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true.

from serverless-cors-plugin.

Comments (4)

chadkouse avatar chadkouse commented on July 23, 2024 1

What do you think about an option to allow you to pass back the host that is making the request in the Access-Control-Allow-Origin header -- in other words, instead of * it just looks at who's calling and returns that host name -- this would allow authenticated requests to come from anywhere.

from serverless-cors-plugin.

joostfarla avatar joostfarla commented on July 23, 2024

Thank again for reporting! You are getting this error in the browser console, right?

I suspect you have set the withCredentials option to true in whatever JS library that is performing the XHR request? If yes, did you mean to make authorized requests?

If you really want to make authorized requests:

  • The Access-Control-Allow-Credentials header has to be set to true. However, the plugin does not support this header at this time. I'll probably release support for this today or tomorrow.
  • You have to set a specific host in the Access-Control-Allow-Origin header. CORS doen not allow a wildcard (*) origin for authorized requests.

from serverless-cors-plugin.

alexmuro avatar alexmuro commented on July 23, 2024

That was it, thank you!
Also thank you for this plugin its a huge time saver.
I am using https://github.com/Netflix/falcor-http-datasource to make requests and it has some odd defaults.

from serverless-cors-plugin.

joostfarla avatar joostfarla commented on July 23, 2024

@chadkouse Thanks for reaching out! That is indeed something I've been thinking about and it definitely could be an interesting addition for authorized requests! I'll create an issue for this.

from serverless-cors-plugin.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.