What header is missing to prevent CORS from blocking requests on a single IP?

D

daria_sokolova2020-06-18 13:15:46

HTTP Cookies

daria_sokolova, 2020-06-18 13:15:46

Hi ✋ Issue on request with "Set cookie" header set by server

On server:
Access-Control-Allow-Credentials "true"
Access-Control-Allow-Origin: (desired ip without port), no asterisk

On front:
using axios, I pass the parameter withCredentials: true

In the postman the request passes, the cookie is set, in the browser an error occurs:
The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true'. What does not write a cookie

If Access-Control-Allow-Credentials: true, then Access-Control-Allow-Origin: * as I understand it cannot be used. I guess there are not enough instructions at the front

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

R

Robur, 2020-06-18
@Robur

You yourself wrote everything:
Access-Control-Allow-Credentials must be true (you have '') - check in devtools.
Access-Control-Allow-Origin must be not *

X

xenonhammer, 2020-06-18
@xenonhammer

header("Access-Control-Allow-Origin: localhost:3000" )
If your front is at http://localhost:3000. try without ip