cyu / rack-cors

Rack Middleware for handling Cross-Origin Resource Sharing (CORS), which makes cross-origin AJAX possible.
MIT License

Access-Control-Allow-Credentials is not included in responses-2019 #188

Closed wkaskie closed 4 years ago

wkaskie commented 4 years ago

I am now having the same issue as reported in issue #31. It also seems to be isolated to Chrome.

When a resource is declared where 'credentials: :true', the preflight response includes Access-Control-Allow-Credentials: true, but the actual response does not. Chrome (at least) will not accept this response when credentials have been sent and the response does not have Access-Control-Allow-Credentials: true.

"... has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."
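The symptom reported above can be reproduced offline by applying the browser's credentialed-request CORS check to both the preflight and the actual response headers. This is an added example, not part of the original issue or of rack-cors; the function names, the origin and the header hashes are constructed for illustration.

```ruby
# Added example: would a browser accept these CORS responses for a request sent
# with credentials? Header hashes are constructed samples, not captured traffic.

# Look up a header case-insensitively; returns nil when absent.
def header(headers, name)
  pair = headers.find { |k, _| k.to_s.casecmp?(name) }
  pair && pair[1].to_s
end

# Returns the reasons a response fails the credentialed CORS check.
# An empty list means the browser would expose the response to the page.
def credentialed_cors_problems(headers, origin)
  problems = []
  allow_origin = header(headers, 'Access-Control-Allow-Origin')
  allow_creds  = header(headers, 'Access-Control-Allow-Credentials')

  if allow_origin.nil?
    problems << 'Access-Control-Allow-Origin is missing'
  elsif allow_origin == '*'
    problems << "Access-Control-Allow-Origin is '*', not allowed with credentials"
  elsif allow_origin != origin
    problems << "Access-Control-Allow-Origin #{allow_origin.inspect} does not match #{origin.inspect}"
  end

  # The value must be exactly "true" (case-sensitive); '' or 'True' fails.
  unless allow_creds == 'true'
    problems << "Access-Control-Allow-Credentials is #{allow_creds.to_s.inspect}, must be 'true'"
  end
  problems
end

# Both the preflight (OPTIONS) response and the actual response must pass.
def check_exchange(preflight, actual, origin)
  { preflight: credentialed_cors_problems(preflight, origin),
    actual:    credentialed_cors_problems(actual, origin) }
end

ORIGIN = 'https://app.example.test' # constructed origin

# Constructed sample matching the report: header on preflight, absent on actual.
PREFLIGHT = { 'Access-Control-Allow-Origin' => ORIGIN,
              'Access-Control-Allow-Credentials' => 'true' }
ACTUAL    = { 'access-control-allow-origin' => ORIGIN,
              'Content-Type' => 'application/json' }

check_exchange(PREFLIGHT, ACTUAL, ORIGIN).each do |phase, problems|
  puts "#{phase}: #{problems.empty? ? 'ok' : problems.join('; ')}"
end
```

Feeding it the headers copied from the Network tab for the OPTIONS request and for the request that follows shows which of the two responses is missing the header.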

WenSteven commented 4 years ago

How to fix it? Thx.

cyu commented 4 years ago

@wkaskie @goahead77 I'm going to close this issue because there isn't enough information to troubleshoot. Please create a new issue and provide the following: