admin管理员组

文章数量:1127898

so basically I am trying to send GET request to by node.js webserver locally hosted but to ensure HTTPS I'm using NGROK.

Here's the frontend:

$.ajax({
        url: apiPath+'/conf/api/validate-session',
        method: 'GET',
        xhrFields: {
            withCredentials: true
        },
        headers: {
            'Content-Type': 'application/json'
        },
        success: function(data) {
            console.log(data);
        },
        error: function(err) {
            console.error(err);
        }
    });

Here's the CORS settings of my webserver:

const corsOptions = {
    origin: (origin, callback) => {
        if (allowedOrigins.includes(origin) || !origin) {
            callback(null, true);
        } else {
            callback(new Error('Not allowed by CORS'));
        }
    },
    credentials: true,
    methods: ['GET', 'POST', 'OPTIONS'],
    allowedHeaders: ['Content-Type', 'Authorization'],
};

app.use(cors(corsOptions));
app.options('*', (req, res) => {
    res.setHeader('Access-Control-Allow-Origin', '');
    res.setHeader('Access-Control-Allow-Credentials', 'true');
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
    res.setHeader('Cache-Control', 'no-store');
    res.sendStatus(204);
});
app.set('trust proxy', true);

Here are the errors that I'm getting:

[Error] Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
[Error] XMLHttpRequest cannot load  due to access control checks.
[Error] {readyState: 0, getResponseHeader: function, getAllResponseHeaders: function, setRequestHeader: function, overrideMimeType: function, …}
    error (login.js:115)
    c (jquery.min.js:2:28453)
    fireWith (jquery.min.js:2:29194)
    l (jquery.min.js:2:80212)
    (anonymous function) (jquery.min.js:2:82607)
[Error] Failed to load resource: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true. (validate-session, line 0)

I'm dealing with this 2. day and I don't know what I am doing wrong. I've tested the request localy with curl and it was fine.

Thank you for any help.

I've expected to remove the CORS issue

本文标签: javascriptCORS HTTPS withCredentials trueStack Overflow

版权声明:本文标题:javascript - CORS HTTPS withCredentials: true - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736705695a1948664.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。