I am now having the same issue as reported in issue #31 . Also seems to be isolated to Chrome.
When a resource is declared where 'credentials: :true', the preflight response includes Access-Control-Allow-Credentials: true, but the actual response does not. Chrome (at least) will not accept this response when credentials have been sent and the response does not have Access-Control-Allow-Credentials: true.
"... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."
@wkaskie @goahead77 I'm going to close this issue because there isn't enough information to troubleshoot. Please create a new issue and provide the following:
Rack::Cors configuration block
URL that's causing the issue. An example curl command would be ideal!
I am now having the same issue as reported in issue #31 . Also seems to be isolated to Chrome.
When a resource is declared where 'credentials: :true', the preflight response includes Access-Control-Allow-Credentials: true, but the actual response does not. Chrome (at least) will not accept this response when credentials have been sent and the response does not have Access-Control-Allow-Credentials: true.
"... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."