📝 Add note in CORS tutorial about allow_origins with ["*"] and allow_credentials

[dsmurrell]

Couldn't get credentials working with allow_origins set to ['*']. Thought this might help others.

I was lucky to find this after a while: https://stackoverflow.com/questions/46288437/set-cookies-for-cross-origin-requests

which explains: "Also, make sure the HTTP header Access-Control-Allow-Origin is set and not with a wildcard *."

Specifying some origins, allows my axios request with { withCredentials: true } set to work.

[codecov]

Codecov Report

Merging #1895 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##            master     #1895   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files          239       239           
  Lines         7079      7079           
=========================================
  Hits          7079      7079           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a689796...b97e74a. Read the comment docs.

[github-actions]

📝 Docs preview for commit b97e74a at: https://5f372bf88c1beb3361110039--fastapi.netlify.app

[tiangolo]

Good point! Thanks for the contribution @dsmurrell ! 🚀 🍰

And thanks @Kludex for the review ☕