CORS enabled, but adding cookies in header causes request to be blocked? I have enabled CORS with credentials server side, not sure how to solve this

Question

Using express-session so need cookie id for authentication, but even with setting up CORS correctly (or what I thought to be) on front and back end I'm still getting issues. CORS is working without cookies enabled.

Backend config

const corsOptions = {
  origin: "*",
  methods: "GET,HEAD,PUT,PATCH,POST,DELETE",
  preflightContinue: false,
  optionsSuccessStatus: 204,
  credentials: true,
};

Frontend config (using Relay)

const response = await fetch("http://localhost:4002/graphql", {
  method: "POST",
  credentials: "include", // Allow cookies to be sent
  headers: {
    Authorization: `*/*`,
    "Content-Type": "application/json",
}

If I do not include credentials the response shows that CORS cookies are allowed:

However, as soon as I enable credentials in the client fetch config, the request is blocked. There is no response, I think Firefox is blocking the req before it is sent?

Thank you in advance for any help!

Look at the Console. If the request is being blocked by CORS rules then it should tell you why there. — Quentin, Nov 19 '20 at 14:04

score -1 · Answer 1 · answered Nov 19 '20 at 16:13

-1

The issue was not setting the accepted CORS origins to "*", as said in the console (thanks Quentin).

answered Nov 19 '20 at 16:13

Will Cowan

81
8

CORS enabled, but adding cookies in header causes request to be blocked? I have enabled CORS with credentials server side, not sure how to solve this

1 Answers1