Is it possible to disable cors fully for testing? ...
# support-questions
Is it possible to disable cors fully for testing? I’m getting an error saying that wildcard can’t be used when credentials mode is ‘include’
Uhmm. If your frontend and backend domains are the same, CORS won't be needed then.
But otherwise, you will have to use CORS im afraid. No getting around that..
Also, if you are not using cookies, then you don't need to use
credentials: include
During testing browser is localhost but testing against a deployed dev sever.
Dev server also has a deployed dev app. So this is just a case of local testing against a hosted server… postman works fine, but cors is preventing the frontend developer from being able to test locally against the dev server
Other cases the backend dev is using ngrok to expose his local server… and the frontend dev is trying to debug locally but using that developers ngrok instance.
So in these cases we need to configure cors to with a wildcard.
Our existing Authenticator works fine in this way, we just can’t get supertokens to work on this setup
hmmm. I see.
Can we get on a call to explore options for solutions?
If yes, please feel free to book a time here:
I’ll try a few more things first… I just need cors to work with wildcard domain. Is that possible with suportoken?
I just found the anticsrf = none… I’ll try that
> Is that possible with suportoken? I'll have to get back to you on this.
Hey @User you could try and disable cors in chrome by doing this:
(Of course this is only for development purposes)
Would this work for you?
Will test