CORS issue with socketIO


I’m having an issue where I receive the following CORS message when attempting to connect to our socketio websocket, but not with regular API requests. Not having this issue when pointing to our non-Kong test server. I do also have the Kong CORS plugin installed and configured on this service.

Access to XMLHttpRequest at 'url' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

I’ve tried passing specific corsOptions to send different info with that header in our Node backend but that doesn’t seem to resolve. Any ideas?


Would adding http://localhost as opposed to * fix the cors origin list setting on the plugin for your preflight exception error you are getting most likely?


I’ve tried that as well. :frowning:


I keep comming back to seeing this error you mention:

The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’.

So be sure to remove the * from your cors origins list too if you have not tried that, also if its just complaining about the credentials mode is included i wonder if disabling the creds Boolean config option would possibly help too? Maybe post the CORS plugin settings you have tried with and the various errors each one gets here.