Configuration:
- I have a React app making requests to a Phoenix server
- Phoenix sets sessions in the form of cookies
- CSRF protection is enabled on the server, which requires the session to be fetched
- For the browser to set the cookie (session) as required by CSRF protection, I need to add credentials: include in the React request config
Problem:
This works fine when my origin is not set to "*".
But on using the "*" origin it throws an error:
The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'
I know we can't specify "*" as the 'Access-Control-Allow-Origin' header in a credentialed request. But how do I make it work then? And how come no one else is facing this issue?
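
For the setup described in the question, the usual server-side arrangement is to answer a credentialed request with the caller's exact origin, taken from an allowlist, rather than "*". The plug below is an added example, not code from the original post or from Phoenix itself; the module name MyAppWeb.Plugs.CredentialedCORS, the two origins and the method list are assumptions, and it is meant to sit in the endpoint ahead of the router.

```elixir
defmodule MyAppWeb.Plugs.CredentialedCORS do
  # Hypothetical plug (added example): CORS for requests sent with credentials: include.
  @behaviour Plug
  import Plug.Conn

  # Constructed allowlist; replace with the exact origins that serve the React app.
  @allowed_origins ["http://localhost:3000", "https://app.example.com"]

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    # The response differs per Origin, so shared caches must key on that header.
    conn = update_resp_header(conn, "vary", "origin", &(&1 <> ", origin"))

    case get_req_header(conn, "origin") do
      [origin] when origin in @allowed_origins ->
        conn
        # Echo the one matching origin; "*" is rejected by browsers for credentialed requests.
        |> put_resp_header("access-control-allow-origin", origin)
        |> put_resp_header("access-control-allow-credentials", "true")
        |> preflight()

      _ ->
        # Missing or unlisted Origin: send no CORS headers. Echoing any Origin back
        # together with allow-credentials would expose session-authenticated
        # responses to every site, which is what the wildcard ban prevents.
        conn
    end
  end

  # Answer the browser's preflight directly so it never reaches the CSRF check.
  defp preflight(%Plug.Conn{method: "OPTIONS"} = conn) do
    case get_req_header(conn, "access-control-request-method") do
      [] ->
        conn

      _ ->
        conn
        |> put_resp_header("access-control-allow-methods", "GET, POST, PUT, PATCH, DELETE")
        |> put_resp_header("access-control-allow-headers", "content-type, x-csrf-token")
        |> send_resp(204, "")
        |> halt()
    end
  end

  defp preflight(conn), do: conn
end
```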