{
  "id": "grpc/grpc-web-cors-credentials",
  "signature": "INTERNAL: grpc-web: CORS preflight failed for origin http://example.com with credentials flag",
  "signature_zh": "内部错误：gRPC-Web：源 http://example.com 的 CORS 预检因凭据标志失败",
  "regex": "CORS preflight failed for origin .+ with credentials flag",
  "domain": "grpc",
  "category": "config_error",
  "subcategory": null,
  "root_cause": "Browser enforces CORS preflight check fails because the server doesn't include Access-Control-Allow-Credentials header when the client sends withCredentials: true.",
  "root_cause_type": "generic",
  "root_cause_zh": "浏览器强制执行 CORS 预检检查失败，因为当客户端发送 withCredentials: true 时，服务器未包含 Access-Control-Allow-Credentials 标头。",
  "versions": [
    {
      "version": "Envoy v1.29.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "gRPC-Web v1.4.2",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "gRPC-Web v1.5.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Istio v1.21.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "Disabling CORS entirely in the browser",
      "why_fails": "Browsers enforce CORS; it cannot be disabled by client code.",
      "fail_rate": 0.99,
      "condition": "",
      "sources": []
    },
    {
      "action": "Adding Access-Control-Allow-Origin: * only",
      "why_fails": "With credentials, the origin must be explicit, not wildcard.",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Configure the proxy (Envoy/NGINX) to return Access-Control-Allow-Credentials: true and Access-Control-Allow-Origin: http://example.com explicitly.",
      "success_rate": 0.9,
      "how": "Configure the proxy (Envoy/NGINX) to return Access-Control-Allow-Credentials: true and Access-Control-Allow-Origin: http://example.com explicitly.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Remove `withCredentials: true` from the client if authentication is not required for the RPC.",
      "success_rate": 0.7,
      "how": "Remove `withCredentials: true` from the client if authentication is not required for the RPC.",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "配置代理（Envoy/NGINX）显式返回 Access-Control-Allow-Credentials: true 和 Access-Control-Allow-Origin: http://example.com。",
    "如果 RPC 不需要身份验证，从客户端移除 `withCredentials: true`。"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://github.com/grpc/grpc-web/blob/master/doc/cors.md",
  "official_doc_section": null,
  "error_code": "ECORS",
  "verification_tier": "ai_generated",
  "confidence": 0.9,
  "fix_success_rate": 0.88,
  "resolvable": "true",
  "first_seen": "2024-07-10",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}