'Access-Control-Allow-Origin' must not be the wildcard'*'

I call b.com "s API across domains under a.com: 

return HttpService.ajax({
    url: config.URL_GET_GIFT,
    type: "GET",
    dataType: "json",
    data: params,
    xhrFields:{
        withCredentials:true
    }
});

then configure nginx to

under b.com 
-sharp
map $http_origin $other_domain {
    default  0;
    "~http://m.jd.id" http://m.jd.id;
    "~https://m.jd.id" https://m.jd.id;
}

server {
    listen 80;
    server_name vip.jd.id;

    
    location / {
        proxy_pass http://127.0.0.1:8100/;

        proxy_set_header Cookie $http_cookie;
        proxy_cookie_domain localhost nginx_server;
        add_header Access-Control-Allow-Origin http://a.com;
        add_header Access-Control-Allow-Headers Content-Type;
        add_header Access-Control-Allow-Methods GET,POST,OPTIONS;
        add_header Access-Control-Allow-Credentials true;
    }
}

nginx in a.com is configured as
server {

listen 80;
server_name a.id;

location / {
    proxy_pass http://127.0.0.1:8097/;
}

}

at the same time, the b.com background is configured: 

corsConfiguration.addAllowedOrigin("http://a.com/");

but there was an error in the console: 

The value of the "Access-Control-Allow-Origin" header in the response must not be the wildcard "*" when the request"s credentials mode is "include". Origin "http://a.com" is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

could you tell me how to solve the problem?

Cross-domain javascript
Sep.08,2021

Cross-domain if you want to bring cookie, Access-Control-Allow-Origin , you cannot set it to * . You need to specify a specific domain name .
in other words:
Access-Control-Allow-Credentials: true and Access-Control-Allow-Origin: * cannot be used at the same time.

The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard' * 'when the request's credentials mode is' include'. Origin' http://a.com' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

do not write clearly, do not allow *, then you can write a specific domain name.

Access-Control-Allow-Origin should be written as the specified domain name, not *

Previous: Ask for help, why can't this append display?

Next: How to regroup the queried data?

css mysql arrays josn react html typescript webpack npm sass R objective-c .net sql-server jquery python-3.x angularjs django angular excel regex iphone ajax linux xml pandas vba spring database wordpress string wpf xcode windows bash postgresql oracle multithreading eclipse list firebase algorithm macos forms image scala visual-studio azure bootstrap spring-boot react-native python-2.7 docker performance function winforms matlab powershell apache dataframe api sqlite numpy rest shell selenium flutter dart maven loops qt swing android-studio csv express file class tensorflow sorting codeigniter perl
MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b2c555-2bb18.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b2c555-2bb18.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?