Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'

{{HTTPSidebar}} 

Reason

Reason: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'

What went wrong?

The {{Glossary("CORS")}}  request was attempted with the credentials flag set, but the server is configured using the wildcard ("*") as the value of {{HTTPHeader("Access-Control-Allow-Origin")}} , which doesn’t allow the use of credentials.

To correct this problem on the client side, ensure that the credentials flag’s value is false when issuing your CORS request.

• If using the Fetch API, make sure {{domxref("Request.credentials")}}  is "omit".
• If the request is being issued using {{domxref("XMLHttpRequest")}} , make sure you’re not setting {{domxref("XMLHttpRequest.withCredentials", "withCredentials")}}  to true.
• If using Server-sent events, make sure {{domxref("EventSource.withCredentials")}}  is false (it’s the default value).

If, instead, you need to adjust the server’s behavior, you’ll need to change the value of Access-Control-Allow-Origin to grant access to the origin from which the client is loaded.

See also

• CORS errors
• Glossary: {{Glossary("CORS")}} 
• CORS introduction