Access-Control-Allow-Credentials: True causing proxied requests to fail #330

msa0311 · 2021-03-04T12:39:40Z

cors-anywhere does not work if credentials are passed in the requested:
If "Access-Control-Allow-Credentials" is "true" --> "Access-Control-Allow-Origin" cannot be "*"

Access to XMLHttpRequest at 'http://localhost:8080/http://xyz' from origin 'http://localhost:12345' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

…in case the "Access-Control-Allow-Credentials" is true

Rob--W · 2021-03-04T13:13:57Z

Duplicate of #36 among many others.

In short, credentials are not supported for security reasons. See also https://github.com/Rob--W/cors-anywhere/pull/148#issuecomment-452465262

msa0311 added a commit to msa0311/cors-anywhere that referenced this issue Mar 4, 2021

Rob--W#330: Set 'access-control-allow-origin' to the requests origin …

fac9031

…in case the "Access-Control-Allow-Credentials" is true

Rob--W closed this as completed Mar 4, 2021

snyk-bot mentioned this issue Jun 21, 2022

[Snyk] Fix for 26 vulnerabilities netresearch/cors-anywhere#6

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Access-Control-Allow-Credentials: True causing proxied requests to fail #330

Access-Control-Allow-Credentials: True causing proxied requests to fail #330

msa0311 commented Mar 4, 2021 •

edited

Loading

Rob--W commented Mar 4, 2021

Access-Control-Allow-Credentials: True causing proxied requests to fail #330

Access-Control-Allow-Credentials: True causing proxied requests to fail #330

Comments

msa0311 commented Mar 4, 2021 • edited Loading

Rob--W commented Mar 4, 2021

msa0311 commented Mar 4, 2021 •

edited

Loading