CORS error : Header in the response must not be wildcard javascript

  cors, javascript

I am a newbie to Javascript and web-development domain. I am trying to get some data from a REST API via GET call. However, I am getting a CORS error when I try to make this call. I tried to read up on Stackoverflow and couple of other websites on how to fix the error but I am a bit confused as well as technically weak.

Here is a snippet of my code:

var xhReq = new XMLHttpRequest();"GET", api_url, true, user, pass);
xhReq.withCredentials = true;

Here is the error I receive:
Access to XMLHttpRequest at ‘htpp://the api url’ from origin ‘http://localhost’ has been blocked by CORS policy: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

From what I understand, the issue is due to the response header having a ‘*’ in the Access-Control-Allow-Origin field.

enter image description here

My question is …What’s the problem here ?

  1. Should I ask the API developer guy to send a different value in the Access-Control-Allow-Origin field

  2. Some examples on Internet suggests to set the withCredentials field to false. However, it leads to a different CORS error saying no header was found

    Access to XMLHttpRequest at 'http://the api url' from origin 'http://localhost' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

  3. I am running it from localhost using WAMP server. Is it something that will work fine on the production server since both the API url and the server url have the same domain of my university.

Do let me know if you need any more information. I currently testing it from my local machine.

Source: Ask Javascript Questions