CORS requests failing (Access-Control-Allow-Origin)

Question

CORS requests failing (Access-Control-Allow-Origin)

richburdon opened this issue 7 years ago · 1 comments

I'm using a transport with withCredentials

request({ url, method, body, transport: createTransport({ withCredentials: true })

But my requests are still coming back with errors:

Failed to load https://api.myserver.com/graphql: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:9000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

My server is set-up to support CORS request; and works fine with my ApolloClient GraphQL requests from the browser.

The response headers from the preflight OPTIONS request look the same for both the popsicle and graphql requests, but popsicle fails with the error:

access-control-allow-credentials:false
access-control-allow-headers:Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent
access-control-allow-methods:OPTIONS,POST
access-control-allow-origin:*

Answer 1 · 2017-11-28T03:04:40.000Z

Setting the following headers instead seems to work.

      headers: {
        Accept: '*/*', 'Content-Type': 'application/json'
      }