You’re reading the English version of this content since no translation exists yet for this locale. Help us translate this article!
Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’
What went wrong?
The CORS request was attempted with the credentials flag set, but the server is configured using the wildcard (
"*") as the value of
Access-Control-Allow-Origin, which doesn't allow the use of credentials.
To correct this problem on the client side, simply ensure that the credentials flag's value is
false when issuing your CORS request.
- If the request is being issued using
XMLHttpRequest, make sure you're not setting
- If using Server-sent events, make sure
false(it's the default value).
- If using the Fetch API, make sure
If, instead, you need to adjust the server's behavior, you'll need to change the value of
Access-Control-Allow-Origin to grant access to the origin from which the client is loaded.