New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't get CORS to work when "withCredentials" is true for any origin #9
Comments
Hi @kshetline and welcome to the KrakenD community! This module wraps https://github.com/rs/cors, the behaviour you are describing is disabled for security reasons (by the library, not us).
Please check this issue for more information: rs/cors#55 |
I can get this to work just fine with a simple sample node/express server (which is not the server we're using through kraken), without running into any security issues from either Chrome or Firefox. I'm confused about whether or not the issue you linked to above matches my situation or not. I don't have the browser sending This problem goes away if |
I've found a solution to get the behavior I want. I don't know if this would be considered a "cheat" or not, but It was very useful to know that the source code that mattered was " https://github.com/rs/cors", because that made it easy to figure this out. Thanks! |
This issue was marked as resolved a long time ago and now has been automatically locked as there has not been any recent activity after it. You can still open a new issue and reference this link. |
I'm trying to get CORS to work when
withCredentials
is true in myXMLHttpRequest
, but for any origin. If I use"allow_origins": []
or"allow_origins": ["*"]
in my"github_com/devopsfaith/krakend-cors"
config, CORS will only work if withCredentials is false.I can get CORS to work when
withCredentials
is true only if I specifically whitelist all allowed origins.The problem is that with
"allow_origins": []
or"allow_origins": ["*"]
,Access-Control-Allow-Origin
comes back as "*". I need to have to origin of the request echoed back in theAccess-Control-Allow-Origin
header instead.Is there a way to specify that behavior?
The text was updated successfully, but these errors were encountered: