cors issue when request was made with credentials #10

Open
joes-code opened this issue Sep 30, 2019 · 4 comments

@joes-code

Chrome will block a request made with credentials enabled (https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials) to the mock server because the server returns "Access-Control-Allow-Origin: *".

It's an easy fix - we just need to pass custom cors options to express. I was gonna submit a PR but can't seem to push the branch - getting 403.

@muratcorlu
Owner

We are already using CORS headers. It should work already. You can see how we enable CORS headers here: https://github.com/muratcorlu/cli-api-mocker/blob/master/src/index.js#L73

@joes-code
Author

Yep, by default "cors()" sets the Access-Control-Allow-Origin to "*", which Chrome will reject when the request was made with the "credentials" flag enabled. It throws an error, something like:
A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true
All you need to do is update that line #73 to something like this:

var corsOptionsDelegate = function (req, callback) {
  var corsOptions = { 
    origin: true, 
    credentials: true,
    methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
    preflightContinue: false,
    optionsSuccessStatus: 204
  };
  callback(null, corsOptions);
};
app.use(cors(corsOptionsDelegate));
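
With `origin: true` and `credentials: true`, `cors` reflects whatever `Origin` the request carries and allows credentials for it, so a page on any site can make credentialed requests to the server and read the responses. An added example (not part of this thread or the project's code) of a delegate that reflects only allowlisted origins; `ALLOWED_ORIGINS`, `makeCorsOptionsDelegate` and `resolveCorsOptions` are hypothetical names and the origin values are constructed:

```javascript
// Added example: allowlist-based options delegate for the `cors` middleware.
// The origins below are constructed placeholders, not values from the project.
const ALLOWED_ORIGINS = ['http://localhost:3000', 'http://localhost:8080'];

// Returns a function with the (req, callback) delegate signature that cors()
// accepts. It reads Node's lowercased raw header map, so it does not depend
// on Express request helpers.
function makeCorsOptionsDelegate(allowedOrigins) {
  const allowed = new Set(allowedOrigins);
  return function corsOptionsDelegate(req, callback) {
    const origin = req.headers && req.headers.origin;
    if (typeof origin === 'string' && allowed.has(origin)) {
      // Exact match only: echo this one origin and allow credentials.
      callback(null, {
        origin: origin,
        credentials: true,
        methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
        preflightContinue: false,
        optionsSuccessStatus: 204
      });
    } else {
      // Unknown or missing Origin: cors adds no CORS headers, so the
      // browser will not expose the response to the calling page.
      callback(null, { origin: false });
    }
  };
}

// Runs a delegate synchronously and returns the options it produced.
function resolveCorsOptions(delegate, req) {
  let result;
  delegate(req, (err, options) => {
    if (err) throw err;
    result = options;
  });
  return result;
}

// Wiring (assumes the `app` and `cors` objects already present in the project):
//   app.use(cors(makeCorsOptionsDelegate(ALLOWED_ORIGINS)));
```

The comparison is an exact string match on scheme, host and port, so an origin that merely starts or ends with an allowlisted value is rejected.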

@muratcorlu
Owner

I'll try to reproduce the problem with an example and understand what exactly is needed to fix it.

@viv3kk
Contributor

viv3kk commented Apr 21, 2020

Hi muratcorlu,

Is this issue solved? I am also getting the same issue with Access-Control-Allow-Origin set to "*".

Yep, by default "cors()" sets the Access-Control-Allow-Origin to "*", which Chrome will reject when the request was made with the "credentials" flag enabled. It throws an error, something like:
A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true
All you need to do is update that line #73 to something like this:

var corsOptionsDelegate = function (req, callback) {
  var corsOptions = { 
    origin: true, 
    credentials: true,
    methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
    preflightContinue: false,
    optionsSuccessStatus: 204
  };
  callback(null, corsOptions);
};
app.use(cors(corsOptionsDelegate));
