Why is my request failing with error "Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true" ?
While using a browser to communicate directly with our API you might run into this error that would prevent your requests from working:
Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true.
In essence, when making a XMLHttpRequest from a web browser, setting withCredentials to true causes the request to fail since our service does not allow credentials to be sent that way because it would expose all credentials (cookies, certificates) from your browser to us ) and, besides being a security risk, ultimately, it wouldn't work with the way we authenticate (using basic auth with a one-time token).
That's why our service does not respond with the HTTP header required to make sending credentials work ( https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials) but, instead, it enables a single authentication header to be submitted via the Access-Control-Allow-Headers CORS response header.
So, always set .withCredentials to false (which is its default state) and manually set the Authorization header with your authentication token as in our code sample.