CORS in IIS with credentials and wildcards in Access-Control-Allow-Origin

I inherited a fairly simple site that serves data and processes some socket connections. It runs NodeJS behind IIS, using iisnode as a bridge. This all works fine in terms of "serving regular pages."

Part of the problem is that the actual connections to the server come from desktop clients, where the content is downloaded through another application in the form of a gadget, and from potentially changing parts of the network, mobile devices, etc. In other words: an unknown number of client domains.

I already set Access-Control-Allow-Origin to * to just throw the barn doors open, but now I get the following error in the client:

11:29:57.668 Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://server/socket.io/?EIO=3&transport=polling&t=1486150196479-0. (Reason: Credentials are not supported if the CORS header 'Access-Control-Allow-Origin' is '*'). 1 (unknown)

I tried explicitly setting Access-Control-Allow-Credentials to false (as well as true, and also leaving it out completely), but none of my attempts got me past this.

The response headers are as follows:

Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Origin,Content-Type,Accept
Access-Control-Allow-Methods: GET,HEAD,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Content-Encoding: gzip
Content-Length: 969
Content-Type: text/html
Date: Fri, 03 Feb 2017 19:30:21 GMT
Server: Microsoft-IIS/8.5
Vary: Accept-Encoding
X-Powered-By: ASP.NET

I can't seem to figure out, after looking at several CORS sites and articles over the past few days, why it is still complaining about credentials, and more specifically, how do I get around this?

Thanks!

UPDATE 2017-02-06

. NodeJS IIS, , , :

// Client-side socket.io connection to the Node app behind IIS
var socket = io('http://' + currentServer, {path: '/broadcast/socket.io', reconnection: false, forceNew: true});
socket.on('update message', function (data) {
    // do some fancy things
});


, sidehowbarker, article , .

My applicationHost.config:

<location path="Default Web Site">
    <system.webServer>
        <rewrite>
            <allowedServerVariables>
                <add name="CAPTURED_ORIGIN" />
                <add name="RESPONSE_Access-Control-Allow-Origin" />
            </allowedServerVariables>
        </rewrite>
    </system.webServer>
</location>

web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
    <rewrite> 
        <rules>
            <rule name="Fail bad requests">
                <match url="." />
                <conditions>
                    <add input="{HTTP_HOST}" negate="true" pattern="localhost" />
                </conditions>
                <action type="AbortRequest" />
            </rule>
            <rule name="Capture Origin Header"> 
                <match url=".*" /> 
                <conditions> 
                    <add input="{HTTP_ORIGIN}" pattern=".+" /> 
                </conditions> 
                <serverVariables> 
                    <set name="CAPTURED_ORIGIN" value="{C:0}" /> 
                </serverVariables> 
                <action type="None" /> 
            </rule>
        </rules>
        <outboundRules> 
            <rule name="Set-Access-Control-Allow-Origin for known origins"> 
                <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" negate="true" /> 
                <!--<action type="Rewrite" value="{C:0}" /> -->
            </rule> 
        </outboundRules> 
    </rewrite>
    <tracing>
        <traceFailedRequests>
            <add path="*">
                <traceAreas>
                    <add provider="ASP" verbosity="Verbose" />
                    <add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
                    <add provider="ISAPI Extension" verbosity="Verbose" />
                    <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI,WebSocket" verbosity="Verbose" />
                </traceAreas>
                <failureDefinitions statusCodes="400-599" />
            </add>
        </traceFailedRequests>
    </tracing>
</system.webServer>
</configuration>

outboundRules = "Rewrite", , , .

HTTP Error 500.52 - URL Rewrite Module Error.

The page cannot be displayed because an internal server error has occurred.

Most likely causes:
•IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
•IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
•IIS was not able to process configuration for the Web site or application.
•The authenticated user does not have permission to use this DLL.
•The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.

Detailed Error Information:
Module: RewriteModule 
Notification: SendResponse 
Handler: StaticFile 
Error Code: 0x80070585 

Requested URL: http://localhost:80/iisstart.htm 
Physical Path: C:\inetpub\wwwroot\iisstart.htm 
Logon Method: Anonymous 
Logon User: Anonymous 
Request Tracing Directory: C:\inetpub\logs\FailedReqLogFiles 

, :

411.  -MODULE_SET_RESPONSE_ERROR_STATUS 
ModuleName: RewriteModule 
Notification: SEND_RESPONSE 
HttpStatus: 500 
HttpReason: URL Rewrite Module Error. 
HttpSubStatus: 52 
ErrorCode: Invalid index. (0x80070585) 
ConfigExceptionInfo: 

, . , , - IIS .

​​ IIS- Node, NodeJS Node.


, , , :

XHR Fetch API ( jQuery , ), XHR withCredentials true Fetch " , credentials include.

Access-Control-Allow-Origin: *, , .

, JavaScript, XHR withCredentials true credentials: 'include'.

, Origin Access-Control-Allow-Origin.

IIS URL Rewrite Module, IIS (Web.config ApplicationHost.config %SystemDrive%\inetpub\wwwroot\).

<configuration> 
    <system.webServer> 
        <rewrite> 
            <rules> 
                <rule name="Capture Origin Header"> 
                    <match url=".*" /> 
                    <conditions> 
                        <add input="{HTTP_ORIGIN}" pattern=".+" /> 
                    </conditions> 
                    <serverVariables> 
                        <set name="CAPTURED_ORIGIN" value="{C:0}" /> 
                    </serverVariables> 
                    <action type="None" /> 
                </rule> 
            </rules> 
            <outboundRules> 
                <rule name="Set-Access-Control-Allow-Origin for known origins"> 
                    <match serverVariable="RESPONSE_Access-Control-Allow-Origin"
                           pattern=".+" negate="true" /> 
                    <action type="Rewrite" value="{CAPTURED_ORIGIN}" /> 
                </rule> 
            </outboundRules> 
        </rewrite> 
    </system.webServer> 
</configuration>

/ Access-Control-Allow-Origin: *.

. CORS IIS URL Rewrite.

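The rewrite rule above reflects whatever Origin value the request carries (the condition pattern is ".+"), so combined with credentials it lets any origin make credentialed requests. As an added example that is not part of the question or the answers, here is the equivalent decision done on the Node side with an explicit allowlist; the origin values and the names corsHeadersFor, corsMiddleware and ALLOWED_ORIGINS are this example's own.

```javascript
// Added example, not from the page: reflect the Origin header into
// Access-Control-Allow-Origin only when it is on an explicit allowlist.
// Constructed sample origins; replace with the gadget/mobile origins you own.
const ALLOWED_ORIGINS = new Set([
  'https://gadget.example.com',
  'https://mobile.example.com',
]);

// Returns the CORS response headers for a request carrying `origin`.
// '*' cannot be combined with credentials (the browser error in the question),
// and reflecting any Origin would let every site send credentialed requests,
// so the header is set only to an exact allowlisted value.
function corsHeadersFor(origin, allowed = ALLOWED_ORIGINS) {
  // Vary: Origin so a shared cache never serves one origin's value to another.
  const headers = { 'Vary': 'Origin' };
  if (typeof origin !== 'string' || !allowed.has(origin)) {
    return headers; // unknown or missing Origin: no Allow-* headers at all
  }
  headers['Access-Control-Allow-Origin'] = origin; // exact match, never '*'
  headers['Access-Control-Allow-Credentials'] = 'true';
  headers['Access-Control-Allow-Methods'] = 'GET,POST,OPTIONS';
  headers['Access-Control-Allow-Headers'] = 'Origin,Content-Type,Accept';
  return headers;
}

// Express-style middleware (assumed shape: req.headers, res.setHeader, next).
// Preflight OPTIONS requests are answered with 204 and no body.
function corsMiddleware(req, res, next) {
  const headers = corsHeadersFor(req.headers.origin);
  for (const [name, value] of Object.entries(headers)) res.setHeader(name, value);
  if (req.method === 'OPTIONS') { res.statusCode = 204; return res.end(); }
  next();
}

// Offline demonstration with constructed request/response objects.
function demo(origin, method = 'GET') {
  const sent = {};
  const req = { method, headers: { origin } };
  const res = { statusCode: 200, setHeader: (n, v) => { sent[n] = v; }, end: () => {} };
  let reachedHandler = false;
  corsMiddleware(req, res, () => { reachedHandler = true; });
  return { sent, status: res.statusCode, reachedHandler };
}

console.log(demo('https://gadget.example.com', 'OPTIONS'));        // allowed preflight
console.log(demo('https://gadget.example.com.evil.test'));          // prefix lookalike: no ACAO
```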

, http https - Access-Control-Allow-Origin: * HTTP- . http Access-Control-Allow-Origin.


Source: https://habr.com/ru/post/1669962/
