CORS Error - /auth/me

[kasboi]

The browser returns a cors error when accessing the auth endpoints with the following message:

Access to fetch at 'https://dummyjson.com/auth/me' from origin 'https://www.test.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

[mstjr]

You must set credentials to false.

Why is it doing that ?

According to Mozilla Developer, the server is configured to Access-Control-Allow-Origin: *. This does not allow the credentials flag to be used.

Here's a resolution for the client side.

To correct this problem on the client side, ensure that the credentials flag's value is false when issuing your CORS request.
If using the Fetch API, make sure Request.credentials is "omit".
If the request is being issued using XMLHttpRequest, make sure you're not setting withCredentials to true.
If using Server-sent events, make sure EventSource.withCredentials is false (it's the default value).

Unfortunately, we must wait for server-side to be resolve to use this flag.