CORS Error: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.

[ZinkNotTheMetal]

Describe the bug

Error in browser when attempting to sign-in

Access to XMLHttpRequest at 'https://cnc-ac-app-qa-southcentralus-001.azurewebsites.net/realms/clicknclose/protocol/openid-connect/token' from origin 'http://localhost:3000' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

A clear and concise description of what the bug is.

To Reproduce

  <ReactKeycloakProvider
    initOptions={{ flow: 'standard' }}
    authClient={keycloakClient}
    isLoadingCheck={() => true}
    onEvent={(event, error) => {
      // eslint-disable-next-line no-console
      console.log("onKeycloakEvent!!:", event, error);
    }}
  >

Keycloak setup

Expected behavior
No CORS error should happen when trying to log in

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

• OS: Windows 11
• Browser: Vivalidi & Chrome
• Version 5.6.2867.50 (Stable channel) (64-bit)

[youjeongsue]

I have same issue TT

[sorieil]

I have same issue...
As a result of many attempts to solve the problem, I found that the value of Keycloak Client settings "Access type" should be changed to "public".