1

I'm building website with font-end that is written by Angular and it send request to back-end (Moqui) through out Rest-API. My website require User authenticated to use features, so every request is sent from front-end, I must add attribute "withCredentials: true" to make Angular append JSESSIONID from Cookie to request (server will use JSSESSIONID to get info about logged user).

However, Angular always send HTTP OPTIONS Request first to check CORS policy, and the attribute 'Access-Control-Allow-Origin' in response header for this request have value is "*",

so Angular throw the error "Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."

How can I edit attribute "Access-Control-Allow-Origin" for the OPTIONS-method request, or any solution better than edit it? Please help me, I spend amount of time to find the solution but not resolved now!

Hien Nguyen
  • 24,551
  • 7
  • 52
  • 62
kieuanhvu
  • 98
  • 10
  • If https://github.com/moqui/moqui-framework/search?q=access-control-allow-origin&unscoped_q=access-control-allow-origin is the source your Moqui system is running, then the answer seems to be that you can’t change the value that gets set for the Access-Control-Allow-Origin response header without editing the source — because the `*` value is hardcoded into the source. – sideshowbarker Apr 27 '19 at 05:13
  • Where the souce code file I must edit to change it?? – kieuanhvu Apr 27 '19 at 05:49
  • Actually I think what would likely be most productive for is to report to Moqui. See https://www.moqui.org/docs/moqui/Community+Guide#questions-and-support and https://www.moqui.org/docs/moqui/Issue+and+Pull+Request+Guide and https://www.moqui.org/vapps/my/User/Request. Otherwise, I’m not familiar with Moqui at all but just based on searching through the source code at GitHub, if you were the change the sources, I think a place to start would be `moqui-framework/framework/src/main/groovy/org/moqui/impl/util/RestSchemaUtil.groovy`. You’d then need to rebuild the code from your patched source. – sideshowbarker Apr 27 '19 at 09:02
  • @sideshowbarker: thank you for your response, but RestSchemaUtil.groovy is not cause of problem, Angular always send preflight request with OPTIONS method to check CORS proxy, and because I use nginx to mapping url from client to server, perhaps I should edit config in nginx to change attribute **Access-Control-Allow-Origin**, isn't it? – kieuanhvu Apr 27 '19 at 14:48
  • yeah see the answers at https://stackoverflow.com/a/44600395/441757 and https://stackoverflow.com/a/44422480/441757 – sideshowbarker Apr 27 '19 at 16:27

0 Answers0