nelmio / NelmioCorsBundle

Adds CORS (Cross-Origin Resource Sharing) headers support in your Symfony application
https://symfony.com/bundles/NelmioCorsBundle/
MIT License

A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true #57

Closed shubaivan closed 1 year ago

shubaivan commented 8 years ago

I am using FOSRestBundle with Nelmio Cors Bundle and have some endpoints, /api/name_end_points, and I need some server to have authority to call these endpoints. Now I have an error in the console:

XMLHttpRequest cannot load http://mydomain.com.com/api/endpoint?value=test&value1=test. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost:3000' is therefore not allowed access.

This is my config:

fos_rest:
    param_fetcher_listener: true
    body_listener: true
    format_listener: true
    view:
        view_response_listener: 'force'
        formats:
            xml: true
            json : true
        templating_formats:
            html: true
        force_redirects:
            html: true
        failed_validation: HTTP_BAD_REQUEST
        default_engine: twig
    routing_loader:
        default_format: json

nelmio_cors:
    defaults:
        allow_credentials: false
        allow_origin: []
        allow_headers: []
        allow_methods: []
        expose_headers: []
        max_age: 0
        hosts: []
        origin_regex: false
    paths:
        '^/':
            allow_origin: ['*']
            allow_headers: ['*']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
            max_age: 3600

How do I correctly configure NelmioCorsBundle if I want access to be true for some server for my endpoints? Like this:

        allow_origin: ['*aog.jobs*', '*localhost*']

and delete the default?

PaulRDX commented 6 years ago

Did you manage to resolve that problem? I'm running into the same issue.

Seldaek commented 1 year ago

Per the spec you can only use * or plain names. Or you can use origin_regex true and then use regexes to let the bundle match multiple hosts and return the correct allow-origin for each.
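
An added example, not part of the thread or the bundle's own documentation: the nelmio_cors block from the question rewritten along the lines of the last comment, with origin_regex enabled on the path. The host patterns, the allow_credentials: true setting (assumed because the browser error reports the credentials flag as true) and the explicit header list are assumptions.

```yaml
nelmio_cors:
    defaults:
        allow_credentials: false
        allow_origin: []
        allow_headers: []
        allow_methods: []
        expose_headers: []
        max_age: 0
        hosts: []
        origin_regex: false
    paths:
        '^/':
            # Treat every allow_origin entry as a regular expression
            # instead of a literal origin or '*'.
            origin_regex: true
            # Glob-style values such as '*aog.jobs*' are neither plain names
            # nor regexes. Each pattern is anchored with ^ and $ so that only
            # the whole origin matches, not a longer origin that contains it.
            # Scheme, subdomain and port choices here are assumptions.
            allow_origin:
                - '^https?://([a-z0-9-]+\.)?aog\.jobs$'
                - '^http://localhost(:[0-9]+)?$'
            # Assumed: the client sends credentials, as the console error
            # indicates. A credentialed request needs a specific origin in
            # Access-Control-Allow-Origin, never '*'.
            allow_credentials: true
            # Assumed header list; name the headers the API actually needs.
            allow_headers: ['Content-Type', 'Authorization']
            allow_methods: ['POST', 'PUT', 'GET', 'DELETE']
            max_age: 3600
```

To check the result, send a request with an Origin header for each allowed host and for one that should be refused, and compare the Access-Control-Allow-Origin header in each response.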