cors and XMLHttpRequest is controlled by the withCredentials

[hafriz]

hi, Does anyone have a problem with the access allow origin header setting? I'm set it as "*" the widget successfully shown, but the chat form seems missing, and when look at the console shows this error.

it is working if I set access-control-allow-origin = https://a.com but somehow I want to show my livehelperchat widget in multiple domain platform

Access to XMLHttpRequest at 'https://a.com/index.php/widgetrestapi/submitonline' from origin 'https://a.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

[remdex]

Take a look at this
https://doc.livehelperchat.com/docs/integrating#what-if-you-have-to-limitate-the-widget-to-few-domain-and-subdomain

[hafriz]

hi remdex, have done that,

Access to XMLHttpRequest at 'https://a.com/index.php/widgetrestapi/settings?' from origin 'https://a.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, ', but only one is allowed.

Take a look at this https://doc.livehelperchat.com/docs/integrating#what-if-you-have-to-limitate-the-widget-to-few-domain-and-subdomain

[remdex]

PHP files themself set's headers. So you are duplicating something with your config.... It's server peroblems where lhc itself has nothing to do with your server setup :)