Impact 2024: The Industrial Data and AI Conference for and by Users | Nominate Speakers Now for a Ch...
Does the CORS request set the request option to include browser credentials ({ credentials: "include" } for Fetch API, or request.withCredentials = true for XMLHttpRequest)? Browsers should only block CORS requests when Access-Control-Allow-Credentials: true is not present if that request option is set, which it is not by default.For security reasons, the CDF API does not use any form of browser credentials (such as cookies) for authentication, which is why we do not set that CORS header in the OPTIONS response. Because of this, the CORS request options should either have the browser credentials request option set to omit credentials, or have it be unset (using the default value).Authentication is only done with a bearer token in the Authorization header set in the request, which does not require Access-Control-Allow-Credentials: true and only requires Access-Control-Allow-Headers to include the Authorization header, which it as far as I can tell does.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.