Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'

Reason

Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'

What went wrong?

TheCORS request requires that the server permit the use ofcredentials, but the server'sAccess-Control-Allow-Credentialsheader's value isn't set totrue to enable their use.

To fix this problem on the client side, revise the code to not request the use ofcredentials.

If using theFetch API, make sureRequest.credentials is"omit".
If the request is being issued usingXMLHttpRequest, make sure you'renot settingwithCredentials totrue.
If usingServer-sent events,make sureEventSource.withCredentials isfalse (it's thedefault value).

To eliminate this error by changing the server's configuration, adjust the server'sconfiguration to set theAccess-Control-Allow-Credentials header's value totrue.

Help improve MDN

Learn how to contribute

This page was last modified onJul 4, 2025 byMDN contributors.

View this page on GitHub •Report a problem with this content

Movatterモバイル変換

Reason: expected 'true' in CORS header 'Access-Control-Allow-Credentials'

Reason

What went wrong?

See also

Help improve MDN