* in CORS is failing
Closed this issue · 2 comments
haizaar commented
I have an ES dev server with Access-Control-Allow-Origin set to * (and does not have any auth credentials). Dejavu refuses to connect - I see the following in browser console log
XMLHttpRequest cannot load http://example.com:9200/foobar/_search?search_type=query_then_fetch. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://opensource.appbase.io' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.
Looks dejavu should recognize that there no credentials supplied and withCredentials flag accordingly.
I'm using the hosted version of dejavu: http://opensource.appbase.io/dejavu/live on Chrome 53.
haizaar commented
BTW, same problem for hosted version of GEM (http://opensource.appbase.io/gem/), BTW.
haizaar commented
One needs to make sure that allow-headers is set. See appbaseio/mirage#34