Skip to content Skip to sidebar Skip to footer
Home / Angular / Cors / Javascript / Node.js / Socket.io

Value Of The 'access-control-allow-origin' Header In The Response Must Not Be The Wildcard '*' When The Request's Credentials Mode Is 'include'

Post a Comment
I trying to connect socket.io between Angular and Nodejs Server In Angular I have declared a new socket and connect it import * as io from 'socket.io-client'; ... @comp

Solution 1:

The message is clear enough:

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include

This happens because you're setting the property withCredentials on your XMLHttpRequest to true. So you need to drop the wildcard, and add Access-Control-Allow-Credentials header.

res.header("Access-Control-Allow-Origin", "http://localhost:4200");
res.header('Access-Control-Allow-Credentials', true);

You can use cors package, to easily implement a whitelist:

const cors = require('cors');
const whitelist = ['http://localhost:4200', 'http://example2.com'];
const corsOptions = {
  credentials: true, // This is important.origin: (origin, callback) => {
    if(whitelist.includes(origin))
      returncallback(null, true)

      callback(newError('Not allowed by CORS'));
  }
}

app.use(cors(corsOptions));

Solution 2:

For a simple no-security socket.io (v.4) server configuration try:

const ios = require('socket.io');
const io = new ios.Server({
    allowEIO3: true,
    cors: {
        origin: true,
        credentials: true
    },
})
io.listen(3000, () => {
    console.log('[socket.io] listening on port 3000')
})

(allowEIO3 is only needed if you want compatiblity with older socket.io clients)

Post a Comment for "Value Of The 'access-control-allow-origin' Header In The Response Must Not Be The Wildcard '*' When The Request's Credentials Mode Is 'include'"