CORS: credentials mode is 'include'

asked8 years ago
last updated4 years ago
viewed250.2k times
Up Vote152Down Vote

Yes, I know what you are thinking - yet another CORS question, but this time I'm stumped. So to start off, the actual error message:

XMLHttpRequest cannot load http://localhost/Foo.API/token. The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's . Origin 'http://localhost:5000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. I'm not sure what is meant by ? So when I perform the request in postman, I experience such error: But when I access the same request through my angularjs web app, I am stumped by this error. Here is my angualrjs request/response. As you'll see the response is OK 200, but I still receive the CORS error:

The following image demonstrates the request and response from web front-end to API So based on all the other posts I've read online, it like I'm doing the right thing, that's why I cannot understand the error. Lastly, here is the code I use within angualrjs (login factory): CORS Implementation in API - Reference purposes: Method 1 used:

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        EnableCrossSiteRequests(config);
    }

    private static void EnableCrossSiteRequests(HttpConfiguration config)
    {
        var cors = new EnableCorsAttribute("*", "*", "*")
        {
            SupportsCredentials = true
        };
        config.EnableCors(cors);
    }
}

Method 2 used:

public void Configuration(IAppBuilder app)
{
    HttpConfiguration config = new HttpConfiguration();
 
    ConfigureOAuth(app);
 
    WebApiConfig.Register(config);
    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
    app.UseWebApi(config);

}
javascriptc#angularjscorsasp.net-web-api2
edited
from the blog
Generating the PvQ Leaderboard
Getting Help in the Age of LLMs