CORS preflight requests won't complete

Question

CORS preflight requests won't complete

Closed this issue 9 years ago · 2 comments

I'm using Pedestal as the CORS server.

(def service {:env :prod
              ::bootstrap/routes routes
              ;; Allow services that are accessing this
              ;; service from a http-referer[sic] of http://localhost:3000.
              ;; All others are denied.
              ::bootstrap/allowed-origins ["http://localhost:3000"]
              ::bootstrap/resource-path "/public"
              ::bootstrap/type :jetty
              ::bootstrap/port 8080})

This request returns nil:

(go (<! (http/options "http://localhost:8080" 
    {:headers {"Origin" "http://localhost:3000" 
        "Access-Control-Request-Method" "GET" 
        "Access-Control-Request-Headers""Content-Type, Origin, Host, User-Agent, Content-Type, Content-Length, Referer, Connection"}})))

The js console returns this:

XMLHttpRequest cannot load http://localhost:8080/. Response to preflight request doesn't pass access control check: Credentials flag is 'true', but the 'Access-Control-Allow-Credentials' header is ''. It must be 'true' to allow credentials. Origin 'http://localhost:3000' is therefore not allowed access.
xhrio.js:561 XHR failed loading: OPTIONS "http://localhost:8080/".

Answer 1 · 2015-10-31T12:54:35.000Z

@drakezhard Is Pedestal returning the Access-Control-Allow-Credentials header?
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Allow-Credentials

Answer 2 · 2016-01-05T05:25:00.000Z

I'm closing it because it was in support of a StackOverflow question that got resolved.