I'm building website with font-end that is written by Angular and it send request to back-end (Moqui) through out Rest-API. My website require User authenticated to use features, so every request is sent from front-end, I must add attribute "withCredentials: true" to make Angular append JSESSIONID from Cookie to request (server will use JSSESSIONID to get info about logged user).

However, Angular always send HTTP OPTIONS Request first to check CORS policy, and the attribute 'Access-Control-Allow-Origin' in response header for this request have value is "*",

so Angular throw the error "Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."

How can I edit attribute "Access-Control-Allow-Origin" for the OPTIONS-method request, or any solution better than edit it? Please help me, I spend amount of time to find the solution but not resolved now!

0 Answers