Troubles with koa-cors and Access-Control-Allow-Credentials
I have this error
XMLHttpRequest cannot load http://127.0.0.1:1337/. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost:63342' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
I've read here some topics but I haven't found a solution for me. Perhaps I just don't understand how this all works. But still, how can I fix this? Thank you in advance.
- server.js
- index.js
function submitForm(form) {
let xhr = new XMLHttpRequest()
xhr.withCredentials = true;
xhr.open('POST', 'http://127.0.0.1:1337/', true)
xhr.setRequestHeader('Access-Control-Allow-Origin', '*')
let formData = new FormData(form)
let body = {
name: formData.get('name'),
password: formData.get('password'),
message: formData.get('message')
}
xhr.onreadystatechange = function() {
if(xhr.status == 200) {
alert('Hello!')
} else {
alert('Something went wrong')
}
}
xhr.send(JSON.stringify(body))
}
$(document).ready(function () {
$('#form').submit(function (event) {
event.preventDefault();
if (validateForm($form)) {
$('#modal-form').modal('hide');
submitForm($form)
}
return false;
})
});UPDATE:
I fixed server side, I hope. my index.js now:
function submitForm(form) {
let xhr = new XMLHttpRequest()
xhr.withCredentials = true;
xhr.open('POST', 'http://127.0.0.1:1337/', true)
xhr.setRequestHeader('Access-Control-Allow-Origin', '*')
let formData = new FormData(form)
xhr.onreadystatechange = function() {
if(xhr.status == 200) {
alert('Hello!')
console.log(xhr.response);
} else {
alert('Something went wrong')
}
}
xhr.send(formData)
}
and server.js:
router
.post('/', koaBody, function (ctx) {
console.log(ctx.request.body)
ctx.status = 200
ctx.body = 'POST'
})
.get('/', function (ctx) {
ctx.status = 200
ctx.body = 'GET'
});exports.createServer = function () {
const app = new Koa()
const koaOptions = {
origin: true,
credentials: true
};
app
.use(router.routes())
.use(router.allowedMethods())
.use(cors(koaOptions))
app.listen(1337)}
and again No 'Access-Control-Allow-Origin' header is present on the requested resource.
what now I'm doing wrong?
Answer
The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.
To prevent that problem, you need to set the koa-cors credentials option:
exports.createServer = function () {
const app = new Koa()
const koaOptions = {
origin: true,
credentials: true
};
app
.use(router.routes())
.use(router.allowedMethods())
.use(koaCors(koaOptions))
app.listen(1337)
}