The value of the ‘Access-Control-Allow-Credentials’ header in the response is ‘’ which must be ‘true’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

Question

The value of the ‘Access-Control-Allow-Credentials’ header in the response is ‘’ which must be ‘true’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

linhnvhicts opened this issue 4 years ago · comments

Hi i installed the package and setup in installed_app and middleware(i put corsheaders.middleware.CorsMiddleware at the top too), i also set CORS_ORIGIN_ALLOW_ALL=True like in the document

But when the frontend client(using ReactJS and axios) call django-rest-framework API it return the following error:

Access to XMLHttpRequest at ‘My API URL’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The value of the ‘Access-Control-Allow-Credentials’ header in the response is ‘’ which must be ‘true’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

Does anyone know what i did wrong ?

linhnvhicts · Answer 1 · Fri Jul 17 2020 15:12:25 GMT+0800 (China Standard Time)

Seems like it's frontend side fault, they have bad axios config related to the domain name :|