I am using falcon_cors to create restful service in python. And if the UI sends a http request from a different domain, the browser will send a OPTIONS request first. But I get below error on browser:
XMLHttpRequest cannot load http://localhost:8000/user/. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:4200' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
I have searched that I need to allow OPTIONS from backend in order to handle this request. So I write my code as below:
f_cors = falcon_cors.CORS(allow_origins_list=[
'http://localhost:4200',
'http://127.0.0.1:4200',
],
allow_all_headers=True, allow_all_methods=True)
app_pre_beaker = falcon.API(middleware=[
f_cors.middleware
])
I have specified allow_all_methods=True on creating falcon_cors but I still get the same error. What else should I update for this?
The problem indicated by the error message in the question isn’t related to an OPTIONS request.
Instead the problem appears to be that the server sent an Access-Control-Allow-Credentials response header with an empty value. To fix that problem you need to configure the server to send Access-Control-Allow-Credentials: true. That is, the header value must be "true".
If the server doesn’t respond with Access-Control-Allow-Credentials: true then your browser blocks your frontend code from being able to access the response—because your frontend JavaScript code is including credentials in the request it sends to the server, and in that case the CORS protocol requires the server to respond with Access-Control-Allow-Credentials: true.