All geek questions in one place

How to set credential flag to false?

It seems such a simple question, but I can’t find the answer and therefore makes me believe, maybe I have no control over the flag !?

Context:

I am developing a SignalR hub and client. Everything works fine if (on the signalr site) I set the following in config:

<system.webServer> <httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="http://example.com" /> </customHeaders> </httpProtocol> </system.webServer>

The problem is that I would like to use a wildcard here.

When I do (ie value="*" ), I get the following error (on the client):

 A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true.

I might well be missing something here, but I cannot find the appropriate entry in config that would allow me to set the credential flag.

What i tried

 <add name="Access-Control-Allow-Credentials" value="false"/>

It doesn't seem to matter (same error).

+6
source share
1 answer

I believe your client is sending credentials. CORS does not allow credentials to be included in the wildcard.

This question describes it pretty well.

Edit:

This is an even better answer, answering a similar question and related to the one I referred to. It will also be a good place to read.

+3
source

Source: https://habr.com/ru/post/981017/

More articles:


All Articles