CORS - Status 200 but error in Chrome devtools console

Question

I have a problem with CORS, the problem is my code is executed (status 200) but I have an error in Google Chrome developer console.

My code:

function callUrl(url) {
    var xmlhttp = null;

    if (window.XMLHttpRequest) {
        xmlhttp = new XMLHttpRequest();
    } else if (window.ActiveXObject) {
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }

    if (xmlhttp !== null) {
        xmlhttp.open("POST", url, true);
        xmlhttp.withCredentials = true;
        xmlhttp.send(JSON.stringify({
        }));
    } else {
        console.error("Your browser does not support XMLHTTP.");
    }
}

callUrl('https://www.website.com/tracking?etc...');

XMLHttpRequest cannot load https://www.website.com/tracking?. The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:8888' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

The server configuration:

"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": true,

score 1 · Accepted Answer · answered Nov 17 '17 at 22:25

in Firefox you will get this error to... even if it's working and got status 200.

you can read about it in https://developer.mozilla.org/en-US/docs/Web/HTTP/Server-Side_Access_Control.

If you use the xmlhttp.withCredentials = true; you need to specify specific origin that allowed in the PHP code. if any source can call your API ... remove this attribute so you will be able to use "Access-Control-Allow-Origin": "*"

CORS - Status 200 but error in Chrome devtools console

1 Answers1