'CORS issue only when revoking Token by calling (Google Identity Services) GIS's google.accounts.oauth2.revoke
I am trying to invoke GSI Javascript google.accounts.oauth2.revoke method. Under the hood it sends a request to https://oauth2.googleapis.com/revoke. However there is CORS issue:
await new Promise(r => google.accounts.oauth2.revoke(token, r));
Access to XMLHttpRequest at 'https://oauth2.googleapis.com/revoke' from origin 'https://localhost:44397' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
These are CORS-related response headers:
access-control-allow-origin: https://localhost:44397
access-control-expose-headers: date,vary,vary,vary,content-encoding,server,content-length
All other functions are working well however. Is it a bug on Google's side or my code? If it's Google's where do I report it? If it's my issue, what did I do wrong?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|