CORS: credentials mode is ‘include’

by

The issue stems from your Angular code:

When withCredentials is set to true, it is trying to send credentials or cookies along with the request. As that means another origin is potentially trying to do authenticated requests, the wildcard (“*”) is not permitted as the “Access-Control-Allow-Origin” header.

You would have to explicitly respond with the origin that made the request in the “Access-Control-Allow-Origin” header to make this work.

I would recommend to explicitly whitelist the origins that you want to allow to make authenticated requests, because simply responding with the origin from the request means that any given website can make authenticated calls to your backend if the user happens to have a valid session.

I explain this stuff in this article I wrote a while back.

So you can either set withCredentials to false or implement an origin whitelist and respond to CORS requests with a valid origin whenever credentials are involved

More Related Contents:

  1. How to enable CORS in AngularJs
  2. Request header field Access-Control-Allow-Headers is not allowed by Access-Control-Allow-Headers
  3. AngularJS: No “Access-Control-Allow-Origin” header is present on the requested resource [duplicate]
  4. AngularJS POST Fails: Response for preflight has invalid HTTP status code 404
  5. “No ‘Access-Control-Allow-Origin’ header is present on the requested resource” error for response from http://www.google.com/
  6. AngularJS CORS Issues
  7. Does Angular routing template url support *.cshtml files in ASP.Net MVC 5 Project?
  8. HTTP request from Angular sent as OPTIONS instead of POST
  9. CORS error for application running from file:// scheme
  10. AngularJS : Initialize service with asynchronous data
  11. Way to ng-repeat defined number of times instead of repeating over array?
  12. enabling cross-origin resource sharing on IIS7
  13. Call AngularJS from legacy code
  14. AngularJS sorting by property
  15. Angularjs – ng-cloak/ng-show elements blink
  16. How to trigger ngClick programmatically
  17. Ng-model does not update controller value
  18. Angularjs “Controller as” or “$scope”
  19. How to filter by object property in angularJS
  20. password-check directive in angularjs
  21. What is the elegant way to get the latest date from array of objects in client side?
  22. Angular.js. How to count ng-repeat iterations which satisfy the custom filter
  23. angular directive ignore non-numeric input
  24. CORS and Google Maps Places Autocomplete API calls [duplicate]
  25. The view is not updated in AngularJS
  26. Angularjs minification using grunt uglify resulting in js error
  27. How to change colours for Angular-Chart.js
  28. Genuinely stop a element from binding – unbind an element – AngularJS
  29. AngularJS ng-include inside of Google Maps InfoWindow?
  30. How is AngularJS different from jQuery

Leave a Comment