When dealing with authentication (e.g., cookies or JWT), you need to ensure CORS configuration allows credentials:
const corsOptions = {
origin: 'http://example.com',
methods: 'GET,POST',
allowedHeaders: 'Content-Type,Authorization',
credentials: true, // Allow credentials (cookies, headers)
};
app.use(cors(corsOptions));
Make sure that the client-side code also includes credentials in requests:
fetch('http://api.example.com/data', {
method: 'GET',
credentials: 'include' // Include cookies in the request
});
Leave a Reply