I know this is something usual, With the earlier versions of chrome I used to set "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --args --disable-web-security --user-data-dir in chrome shortcut tab to avoid 'Access-Control-Allow-Origin' errors. With the latest version, it seems like this fix is not working anymore. After installing the latest version 53.0.2785.89 m this is the error in console
XMLHttpRequest cannot load :15003/apps/services/preview/rr/mon/1.0/default/index.html. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://ibm-pb7en65:10080' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.
I am not sure which additional attributes are to be added to avoid 'Access-Control-Allow-Origin' error.Is there any way this can be achieved?
I know this is something usual, With the earlier versions of chrome I used to set "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --args --disable-web-security --user-data-dir in chrome shortcut tab to avoid 'Access-Control-Allow-Origin' errors. With the latest version, it seems like this fix is not working anymore. After installing the latest version 53.0.2785.89 m this is the error in console
XMLHttpRequest cannot load https://example:15003/apps/services/preview/rr/mon/1.0/default/index.html. Response to preflight request doesn't pass access control check: A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://ibm-pb7en65:10080' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.
I am not sure which additional attributes are to be added to avoid 'Access-Control-Allow-Origin' error.Is there any way this can be achieved?
Share asked Sep 2, 2016 at 7:45 Durga PrasadDurga Prasad 1311 gold badge4 silver badges13 bronze badges 3- "With the latest version, it seems like this fix is not working anymore." It's not a fix, it's a flag you'd only use in development. Hopefully you haven't been surfing the web with security disabled like that! – T.J. Crowder Commented Sep 2, 2016 at 7:47
-
which additional attributes are to be added- additional to what? you've not shown any code at all, so are we supposed to guess what you're currently doing? – Jaromanda X Commented Sep 2, 2016 at 7:50 - --args --disable-web-security --user-data-dir flags are set currently do I need to add anyother flags ? – Durga Prasad Commented Sep 2, 2016 at 8:26
1 Answer
Reset to default 9The error is telling you that the server sent back this response header:
Access-Control-Allow-Origin: *
...on a credentialed request. That doesn't work. On a request with credentials, the server must return a specific Access-Control-Allow-Origin header.
Since you're making the request from http://ibm-pb7en65:10080/, your server must send back this header:
Access-Control-Allow-Origin: http://ibm-pb7en65:10080
It cannot use the wildcard * instead.
The solution is either:
- Update the server to do that, or
- Remove credentials from the request
Details, as always, in the specification.