-1

I am getting below error while using "{withCredentials:true}" in the API .if I am not using this then it is not working.

const submit = async(e:SyntheticEvent) =>{
    e.preventDefault();
    await axios.post('http://localhost:8000/api/login',{
        email,
        password
    });
}

the above is working properly. When I am using {withCredentials:true} then it is giving cors() error.

const submit = async(e:SyntheticEvent) =>{
    e.preventDefault();
    await axios.post('http://localhost:8000/api/login',{
        email,
        password
    },{withCredentials:true}); 
    setRedirect(true);

enter image description here

}

in main.ts file I have below configurations.

  const options = {
    origin: '*',
    methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
    preflightContinue: false,
    credentials: true,
  };
  app.enableCors(options);

even I tried credentials: false, still it is not working.

I have to use {withCredentials:true} so that I can take jwt tokens for authorizations.

Shruti sharma
  • 199
  • 6
  • 21
  • 67
  • You cannot use both `credentials: true` and `origin: *`. See the note right above https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests – jub0bs Nov 20 '21 at 11:03

1 Answers1

-2

try this.

  const options = {
    origin: true,
    methods: 'GET,HEAD,PUT,PATCH,POST,DELETE',
    preflightContinue: false,
    credentials: true,
    allowedHeaders: 'Content-Type, Accept',
  };
  app.enableCors(options);
Shruti sharma
  • 199
  • 6
  • 21
  • 67
  • 1
    Don't ever do this! You're allowing arbitrary origins with credentials; it pretty much voids the protection provided by the same-origin policy. This is terrible advice in terms of security. – jub0bs Nov 21 '21 at 15:18
  • Sure...I thought it is for learning ,so I recommended – Shruti sharma Nov 21 '21 at 16:00