Access to XMLHttpRequest at ‘http://localhost:back’ from origin ‘http://localhost:front’ has been blocked by CORS policy

Access to XMLHttpRequest at ‘http://localhost:back’ from origin ‘http://localhost:front’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

cors 미들웨어를 써서 cors 문제를 해결할 수 있다.

app.use(cors({
  origin: '*', // Access-Control-Allow-Origin
  credentials: true,// 쿠키 전달: true, // Access-Control-Allow-Credential
}));

모든 주소 요청에도 허용할 수 있다. 하지만 credentials: true를 하면 와일드카드로 모든 주소를 허용할 수 없어서 에러가 발생했다.

app.use(cors({
  origin: 'http://localhost:front',
  credentials: true,
}));

or

app.use(cors({
  origin: true,
  credentials: true,
}));