Otdfbt

Can a 40amp breaker be used safely and without issue with a 40amp device on 6AWG wire?

What is the color associated with lukewarm?

How can I detect if I'm in a subshell?

Leveraging cash for buying car

A Tale of Snake and Coffee

How can religions without a hell discourage evil-doing?

Is it possible to install Firefox on Ubuntu with no desktop enviroment?

Reflecting Telescope Blind Spot?

Is there a risk to write an invitation letter for a stranger to obtain a Czech (Schengen) visa?

Is there a term for someone whose preferred policies are a mix of Left and Right?

What did the 8086 (and 8088) do upon encountering an illegal instruction?

Digital signature that is only verifiable by one specific person

Idiom for 'person who gets violent when drunk"

How did the European Union reach the figure of 3% as a maximum allowed deficit?

Can I give my friend the sour dough "throw away" as a starter to their sourdough starter?

...and then she held the gun

Do items with curse of vanishing disappear from shulker boxes?

Can an open source licence be revoked if it violates employer's IP?

SQL Server has encountered occurences of I/O requests taking longer than 15 seconds

Are soroban (Japanese abacus) classes worth doing?

Looking for an iPhone app for working out chess problems

How to know whether to write accidentals as sharps or flats?

How do you translate “talk shit”?

The last tree in the Universe

500 Error Page for HTTPS connection in Sitecore JSS in Connected Mode

Placeholders in my component doesn't show in Sitecore connected mode after a deploy - JSS - vueJsSitecore JSS with Vue - Json are not identical between connected and disconnected modeJSS start connected mode issueSitecore JSS installation errorError loading site in connected mode: Unknown type GraphQLConnectedDemoinvalid json response body - Headless SSR modeNewly created JSS react app does not start and show blank pageSitecore JSS import errorFetching data using GhraphQL Query Api mode404/500 error page implementation - ReactJS client

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

2

1

I'm trying to implement user authentication login and currently trying out to configure JSS connected mode to work with https (secure connection).

Following https://jss.sitecore.com/docs/techniques/authentication/sitecore-auth document.

I got my integrated site configured with https with local cert.

Now I'm try to use JSS start:connected to connect my app in secure channel, but I'm getting 500 error page.
But I can see data is correctly returned from the Layout service in the network tab.

Following error appears on the browser console

Access to XMLHttpRequest at
'https://hostname/sitecore/api/layout/render/jss?item=%2F&sc_lang=en&sc_apikey=%7BA%7D'
from origin 'http://localhost:3000' has been blocked by CORS policy:
The value of the 'Access-Control-Allow-Credentials' header in the
response is 'true, true' which must be 'true' when the request's
credentials mode is 'include'. The credentials mode of requests
initiated by the XMLHttpRequest is controlled by the withCredentials
attribute.

Any help would be highly appreciate

security jss

share|improve this question

edited May 30 at 12:38

Richard Seal♦

15.3k32864

asked May 30 at 8:09

scFootstepsscFootsteps

2,45011035

add a comment | 

2

1

I'm trying to implement user authentication login and currently trying out to configure JSS connected mode to work with https (secure connection).

Following https://jss.sitecore.com/docs/techniques/authentication/sitecore-auth document.

I got my integrated site configured with https with local cert.

Now I'm try to use JSS start:connected to connect my app in secure channel, but I'm getting 500 error page.
But I can see data is correctly returned from the Layout service in the network tab.

Following error appears on the browser console

Access to XMLHttpRequest at
'https://hostname/sitecore/api/layout/render/jss?item=%2F&sc_lang=en&sc_apikey=%7BA%7D'
from origin 'http://localhost:3000' has been blocked by CORS policy:
The value of the 'Access-Control-Allow-Credentials' header in the
response is 'true, true' which must be 'true' when the request's
credentials mode is 'include'. The credentials mode of requests
initiated by the XMLHttpRequest is controlled by the withCredentials
attribute.

Any help would be highly appreciate

security jss

share|improve this question

edited May 30 at 12:38

Richard Seal♦

15.3k32864

asked May 30 at 8:09

scFootstepsscFootsteps

2,45011035

add a comment | 

I'm trying to implement user authentication login and currently trying out to configure JSS connected mode to work with https (secure connection).

Following https://jss.sitecore.com/docs/techniques/authentication/sitecore-auth document.

I got my integrated site configured with https with local cert.

Now I'm try to use JSS start:connected to connect my app in secure channel, but I'm getting 500 error page.
But I can see data is correctly returned from the Layout service in the network tab.

Following error appears on the browser console

Access to XMLHttpRequest at
'https://hostname/sitecore/api/layout/render/jss?item=%2F&sc_lang=en&sc_apikey=%7BA%7D'
from origin 'http://localhost:3000' has been blocked by CORS policy:
The value of the 'Access-Control-Allow-Credentials' header in the
response is 'true, true' which must be 'true' when the request's
credentials mode is 'include'. The credentials mode of requests
initiated by the XMLHttpRequest is controlled by the withCredentials
attribute.

Any help would be highly appreciate

security jss

share|improve this question

edited May 30 at 12:38

Richard Seal♦

15.3k32864

asked May 30 at 8:09

scFootstepsscFootsteps

2,45011035

Access to XMLHttpRequest at
'https://hostname/sitecore/api/layout/render/jss?item=%2F&sc_lang=en&sc_apikey=%7BA%7D'
from origin 'http://localhost:3000' has been blocked by CORS policy:
The value of the 'Access-Control-Allow-Credentials' header in the
response is 'true, true' which must be 'true' when the request's
credentials mode is 'include'. The credentials mode of requests
initiated by the XMLHttpRequest is controlled by the withCredentials
attribute.

share|improve this question

edited May 30 at 12:38

Richard Seal♦

15.3k32864

asked May 30 at 8:09

scFootstepsscFootsteps

2,45011035

share|improve this question

edited May 30 at 12:38

Richard Seal♦

15.3k32864

asked May 30 at 8:09

scFootstepsscFootsteps

2,45011035

edited May 30 at 12:38

Richard Seal♦

15.3k32864

edited May 30 at 12:38

Richard Seal♦

15.3k32864

asked May 30 at 8:09

scFootstepsscFootsteps

2,45011035

asked May 30 at 8:09

scFootstepsscFootsteps

2,45011035

1 Answer
1

active

oldest

votes

4

It looks like the Access-Control-Allow-Credentials value was added twice, hence the value is shown as "true, true".

Try removing it first then add again.

<remove name="Access-Control-Allow-Credentials" />
<add name="Access-Control-Allow-Credentials" value="true" />

share|improve this answer

answered May 30 at 11:30

Fredric FooFredric Foo

636112

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Surely that was the reason. It seems to be adding from twice. So I just add remove entry and its started to work with data coming from secure path from layoutService
  
  – scFootsteps
  May 30 at 11:40
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "664"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsitecore.stackexchange.com%2fquestions%2f19051%2f500-error-page-for-https-connection-in-sitecore-jss-in-connected-mode%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

4

It looks like the Access-Control-Allow-Credentials value was added twice, hence the value is shown as "true, true".

Try removing it first then add again.

<remove name="Access-Control-Allow-Credentials" />
<add name="Access-Control-Allow-Credentials" value="true" />

share|improve this answer

answered May 30 at 11:30

Fredric FooFredric Foo

636112

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Surely that was the reason. It seems to be adding from twice. So I just add remove entry and its started to work with data coming from secure path from layoutService
  
  – scFootsteps
  May 30 at 11:40
  

  
  
  
  

add a comment | 

4

It looks like the Access-Control-Allow-Credentials value was added twice, hence the value is shown as "true, true".

Try removing it first then add again.

<remove name="Access-Control-Allow-Credentials" />
<add name="Access-Control-Allow-Credentials" value="true" />

share|improve this answer

answered May 30 at 11:30

Fredric FooFredric Foo

636112

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Surely that was the reason. It seems to be adding from twice. So I just add remove entry and its started to work with data coming from secure path from layoutService
  
  – scFootsteps
  May 30 at 11:40
  

  
  
  
  

add a comment | 

It looks like the Access-Control-Allow-Credentials value was added twice, hence the value is shown as "true, true".

Try removing it first then add again.

<remove name="Access-Control-Allow-Credentials" />
<add name="Access-Control-Allow-Credentials" value="true" />

share|improve this answer

answered May 30 at 11:30

Fredric FooFredric Foo

636112

<remove name="Access-Control-Allow-Credentials" />
<add name="Access-Control-Allow-Credentials" value="true" />

share|improve this answer

answered May 30 at 11:30

Fredric FooFredric Foo

636112

answered May 30 at 11:30

Fredric FooFredric Foo

636112

answered May 30 at 11:30

Fredric FooFredric Foo

636112