Closed corydolphin closed 6 years ago
Hey @kamyarg this issue should be fixed. It was a vague, but represented the fact that Flask-Cors currently uses a heuristic to determine if the string should be treated as a regex or as a string literal for matching. Frankly that was probably a bad design from the get-go, but cannot easily be changed without breaking API compatibility.
For your issue, what is your goal? Sending an '*' as the origin is not allowed in combination with credwentials, as mentioned (See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS "Credentialed requests and wildcards").
Instead if you use specify supports_credentials=true
, with the defaults CORS(origins='*', supports_credentials=true, send_wildcard=false)
it should work. Let me know if you have any issues.
Cheers, Cory
Hey, I would love to get involved with this, is there any way I can help? :)
we had to remove flask_cors as it is not possible to use wildcard (i.e. '*') with withCredentials, so would love to get help in releasing this. :)