Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'
Reason
Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'
What went wrong?
The CORS request requires that the server permit the use of
credentials, but the server's Access-Control-Allow-Credentials
header's value isn't set to true
to enable their use.
To fix this problem on the client side, revise the code to not request the use of credentials.
- If using the Fetch API, make sure
Request.credentials
is"omit"
. - If the request is being issued using
XMLHttpRequest
, make sure you're not settingwithCredentials
totrue
. - If using Server-sent events,
make sure
EventSource.withCredentials
isfalse
(it's the default value).
To eliminate this error by changing the server's configuration, adjust the server's
configuration to set the Access-Control-Allow-Credentials
header's value to
true
.
See also
- CORS errors
- Glossary: CORS
- CORS introduction