I am trying to send a cookie after login via ajax from localhost to a server hosted somewhere else. TO counter the error related to cookies, I use in my axios:

var instance = axios.create({ 
   withCredentials: true
});

and in expressjs I have this:

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  next();
});

So, I am getting this error now

Failed to load : Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:8080' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

How can I tell express to whitelist my domain or how do I just send back the cookie so I can stay logged in?

To add more info, when I make a post (login) request to the expressjs, it returns a cookie, now my browser does not send the cookie by iself, so that is why I am usiing withCredentials

I am trying to send a cookie after login via ajax from localhost to a server hosted somewhere else. TO counter the error related to cookies, I use in my axios:

var instance = axios.create({ 
   withCredentials: true
});

and in expressjs I have this:

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
  next();
});

So, I am getting this error now

Failed to load https://foo.herokuapp./login: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:8080' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

How can I tell express to whitelist my domain or how do I just send back the cookie so I can stay logged in?

To add more info, when I make a post (login) request to the expressjs, it returns a cookie, now my browser does not send the cookie by iself, so that is why I am usiing withCredentials

• javascript
• node.js
• express
• cookies
• axios

Share Improve this question Follow asked Sep 13, 2017 at 12:51 n102866n102866 5111 silver badge44 bronze badges

Add a ment  | 

1 Answer 1

Sorted by: Reset to default 3

You replace the * with the origin (http://localhost:8080 in your example).