This repository has been archived by the owner on Jun 27, 2023. It is now read-only.

A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true #170

Open
Sachin-Suresh opened this issue Jul 26, 2017 · 1 comment

Comments

@Sachin-Suresh

Sachin-Suresh commented Jul 26, 2017

I'm trying to make Angular 2 interact with Node.js, and below are my CORS headers as configured in index.js of Node.js:

```js
app.use(function(req, res, next) {
    res.setHeader("Access-Control-Allow-Methods", "POST, PUT, OPTIONS, DELETE, GET");
    res.header("Access-Control-Allow-Origin", "http://localhost:4200");
    res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    //res.header("Access-Control-Allow-Credentials", false);
    next();
});

app.use(cors({ origin: 'http://localhost:4200' }));   // If I use this it works
app.use(cors({ origin: '*' }));     // But I want to keep it as *
```

I have not configured CORS anywhere, nor set withCredentials to True. Where is my setting wrong?

How can I avoid this error?

Error stack:

XMLHttpRequest cannot load http://localhost:5000/upload. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost:4200' is therefore not allowed access.

@bblfish
Member

bblfish commented Jul 26, 2017

It is the server that needs to set CORS headers so that JavaScript can fetch remote data from a different origin. In cases where servers don't set the headers but you think it is not risky to have the data be read by any JS app, you need to have a CORS proxy.

I managed to get CORS interaction to work with rww-play in the demo app:

https://github.com/read-write-web/rww-scala-js

That uses React. But the code to call CORS should be quite easy to search for.

What does the server send back? Can you intercept what is going on over the wire, say with Wireshark (https://wiki.wireshark.org/SSL)?

What is the origin your JS is served from?
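The rule behind the error message quoted in this issue, as an added example (not code from the issue or from the project): a model of the browser's check on a cross-origin response, next to a server-side header policy that sends `*` only for credential-less requests and echoes an allowlisted origin otherwise. The function names and the `ALLOWED_ORIGINS` set are hypothetical; the origin `http://localhost:4200` is the one from the issue.

```javascript
// Added example. browserAllows, corsHeadersFor and ALLOWED_ORIGINS are hypothetical names.

// Browser side: may script on `requestOrigin` read this cross-origin response?
// `withCredentials` mirrors XMLHttpRequest.withCredentials (fetch: credentials "include").
function browserAllows(requestOrigin, withCredentials, headers) {
  const acao = headers["Access-Control-Allow-Origin"];
  const acac = headers["Access-Control-Allow-Credentials"];
  if (acao === undefined) {
    return { ok: false, reason: "no Access-Control-Allow-Origin" };
  }
  if (withCredentials) {
    // With credentials the wildcard is never accepted: the header must
    // name the exact origin and credentials must be explicitly allowed.
    if (acao === "*") return { ok: false, reason: "wildcard with credentials" };
    if (acao !== requestOrigin) return { ok: false, reason: "origin mismatch" };
    if (acac !== "true") return { ok: false, reason: "credentials not allowed" };
    return { ok: true, reason: "ok" };
  }
  if (acao === "*" || acao === requestOrigin) return { ok: true, reason: "ok" };
  return { ok: false, reason: "origin mismatch" };
}

// Server side: explicit allowlist for credentialed access (assumed value).
const ALLOWED_ORIGINS = new Set(["http://localhost:4200"]);

function corsHeadersFor(requestOrigin, { credentials }) {
  if (!credentials) {
    // Public, cookie-less data: the wildcard is valid here.
    return { "Access-Control-Allow-Origin": "*" };
  }
  if (!ALLOWED_ORIGINS.has(requestOrigin)) {
    return {}; // unknown origin: send no CORS headers, the browser blocks the read
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin, // exact origin, never "*"
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // caches must not reuse this response for another origin
  };
}

const origin = "http://localhost:4200";
// The combination from the error message: wildcard header, credentialed request.
console.log(browserAllows(origin, true, { "Access-Control-Allow-Origin": "*" }));
// The allowlist policy satisfies the same credentialed request.
console.log(browserAllows(origin, true, corsHeadersFor(origin, { credentials: true })));
```

Echoing the request's `Origin` header without an allowlist check would let any site make credentialed reads, which is why the policy above returns no CORS headers for unknown origins.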
