CORS preflight requests won't complete
Closed this issue · 2 comments
I'm using Pedestal as the CORS server.
(def service {:env :prod
::bootstrap/routes routes
;; Allow services that are accessing this
;; service from a http-referer[sic] of http://localhost:3000.
;; All others are denied.
::bootstrap/allowed-origins ["http://localhost:3000"]
::bootstrap/resource-path "/public"
::bootstrap/type :jetty
::bootstrap/port 8080})
This request returns nil:
(go (<! (http/options "http://localhost:8080"
{:headers {"Origin" "http://localhost:3000"
"Access-Control-Request-Method" "GET"
"Access-Control-Request-Headers""Content-Type, Origin, Host, User-Agent, Content-Type, Content-Length, Referer, Connection"}})))
The js console returns this:
XMLHttpRequest cannot load http://localhost:8080/. Response to preflight request doesn't pass access control check: Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is ''. It must be 'true' to allow credentials. Origin 'http://localhost:3000' is therefore not allowed access.
xhrio.js:561 XHR failed loading: OPTIONS "http://localhost:8080/".
@drakezhard Is Pedestal returning the Access-Control-Allow-Credentials
header?
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Credentials
I'm closing it because it was in support of a StackOverflow question that got resolved.