What’s the reason of both "Allow-Origin: *" and "Allow-Credentials: true" headers?
MDN says that attempting to use Access-control-allow-origin: * with credentials should result in an error.
Taking this into account, why so many major companies’ APIs (spotify, twilio, among many others) return both Access-… Continue reading What’s the reason of both "Allow-Origin: *" and "Allow-Credentials: true" headers?