I get the following message CORS only in Chrome, Mozilla works fine:
Access to XMLHttpRequest at 'http://localhost:8002/dataHub/negotiate' from origin 'http://172.16.30.79:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
Server returns me these headers:
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: x-requested-with,Vary,Server,Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Access-Control-Allow-Headers,Access-Control-Allow-Methods,Date
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Vary, Server, Access-Control-Allow-Origin, Access-Control-Allow-Credentials, Access-Control-Allow-Headers, Access-Control-Allow-Methods, Date
Content-Type: application/json; charset=utf-8
Date: Mon, 23 Sep 2019 18:32:09 GMT
Server: Microsoft-IIS/10.0
Vary: Origin
X-Content-Type-Options: nosniff
My connection using SignalR is:
this.connection = new signalR.HubConnectionBuilder()
.configureLogging(signalR.LogLevel.Debug)
.withUrl("http://localhost:8002/dataHub")
.build();
this.connection
.start({withCredentials: false})
.then(() => {
});
As you can see server sends one header:
Access-Control-Allow-Origin: *
In Mozilla I see Access-Control-Allow-Origin: http://172.16.30.79:4200
Why does Chrome replace Access-Control-Allow-Origin: http://172.16.30.79:4200 on Access-Control-Allow-Origin: * I dont know.
