Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'

Reason

Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'

TheCORS request was attempted with the credentials flag set, but the server is configured using the wildcard ("*") as the value ofAccess-Control-Allow-Origin, which doesn't allow the use of credentials.

To correct this problem on the client side, ensure that the credentials flag's value isfalse when issuing your CORS request.

If using theFetch API, make sureRequest.credentials is"omit".
If the request is being issued usingXMLHttpRequest, make sure you're not settingwithCredentials totrue.
If usingServer-sent events, make sureEventSource.withCredentials isfalse (it's the default value).

If, instead, you need to adjust the server's behavior, you'll need to change the value ofAccess-Control-Allow-Origin to grant access to the origin from which the client is loaded.

Help improve MDN

Learn how to contribute

This page was last modified on⁨Jul 4, 2025⁩ byMDN contributors.

View this page on GitHub •Report a problem with this content

Movatterモバイル変換

Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'

Reason

What went wrong?

See also

Help improve MDN