Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:3000' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

See original GitHub issue

Hello all, I’m new to socket.io. I have following code in my NodeJs/Express server

const http = require('http');
const socketIo = require('socket.io');
const app = express();
const server = http.createServer(app);
const io = socketIo(server);

io.on('connection', socket => {
  console.log('New client connected');
  socket.on('disconnect', () => console.log('Client disconnected'));
  socket.emit('FromAPI', 'hello');
});
//My port here is 8848
app.listen(app.get('port'), () => {
  logger.log('info', `Server started at :${app.get('port')}`);
});

And following code in Client React app and my react app is hosted in port 3000 as http://localhost:3000

import socketIO from 'socket.io-client';
componentDidMount() {
    const endPoint = 'http://127.0.0.1:8848';
    const socket = socketIO(endPoint);
    socket.on('FromAPI', data => console.log(data));
  
  }

With this code i got the following error on the browser console: polling-xhr.js:263 GET http://127.0.0.1:8848/socket.io/?EIO=3&transport=polling&t=MMT-4kl 405 (Method Not Allowed) Failed to load http://127.0.0.1:8848/socket.io/?EIO=3&transport=polling&t=MMT-Aso: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. Origin ‘http://localhost:3000’ is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

Anyone please help me with this problem.

Issue Analytics

State:
Created 5 years ago
Comments:5 (1 by maintainers)

Top GitHub Comments

11reactions

vschoenercommented, Sep 9, 2018

So, closed and no solution? 😦

1reaction

darrachequesnecommented, Feb 24, 2021

For future readers: withCredentials defaults to true in Socket.IO v2

If you don’t need the client to include its cookies in the HTTP requests, you can disable it:

const io = require("socket.io-client");
const socket = io("https://example.com", {
  withCredentials: false
});

That being said, this error is really weird because the server should not respond with Access-Control-Allow-Origin: *, but with the right origin here. That might be linked to the HTTP 405 (Method Not Allowed) in the logs.

Documentation:

Please note that this does not apply to Socket.IO v3 (documentation here)

Top Results From Across the Web

CORS: Cannot use wildcard in Access-Control-Allow-Origin ...

The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. After installing, make sure you add your url ......

Reason: Credential is not supported if the CORS header ...

The CORS request was attempted with the credentials flag set, but the server is configured using the wildcard ("*") as the value of ......

The value of the 'Access-Control-Allow-Origin' header in the ...

The credentials mode of requests initiated by the XMLHttpRequest is ... in the 'Access-Control-Allow-Origin' header, not just the wildcard.

Top Five CORS Issues You Don't Want To Run Into

Access Control Allow Origin header in response must not be wildcard * ... The credentials mode of requests initiated by the XMLHttpRequest ......

The value of the 'Access-Control-Allow-Origin' header in the ...

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include' #....