CODEWITHSUNDEEP
javascripthttp-headersxmlhttprequestcors
Maks K
Maks K

Reputation: 3914

Error with "Access-Control-Allow-Origin", when i have "Access-Control-Allow-Origin: *"

I has error:

XMLHttpRequest cannot load http://localhost:5984/cp_config/. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.

But i have header:

res.header("Access-Control-Allow-Origin", "*");

How can I fix this?

Upvotes: 2

Views: 273

Answers (2)

cbalakus
cbalakus

Reputation: 630

Can you try add this to web.config

<system.webServer>
  <httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
  </customHeaders>
</httpProtocol>
</system.webServer>

Upvotes: 0

sideshowbarker
sideshowbarker

Reputation: 87984

You can fix it by having the server-side code for http://localhost:5984/cp_config/ echo the Origin request-header value to theAccess-Control-Allow-Origin response-header value.

See the “Credentialed requests and wildcards” at MDN for details about the cause of the error.

How you get the Origin request-header value echoed into the Access-Control-Allow-Origin response-header value depends on what Web server and server-side programming environment (if any) is being used to serve http://localhost:5984/cp_config/.

There are some Web servers and programming environments which have good CORS libraries that make it very easy to do, and then there are some others like Apache that it’s next to impossible to use on their own for CORS-enabled content delivery without also adding in some Python thing or PHP or whatever to allow the kind of access to the header values that is needed.

Upvotes: 1

Related Questions