After spending many hours on this problem and still having no solution, maybe someone knows how to do the configuration on the IIS correctly, or knows a workaround in AppGyver.
The closest piece of information I found on this so far, which is an indicator why it’s not working was this:
Hi! Sorry for the late answer
Our guess would be the following: you’re using a wildcard in origin, which is not allowed when credentials are included.
Note Access-Control-Allow-Origin is prohibited from using a wildcard for requests with credentials: 'include' . In such cases, the exact origin must be provided; even if you are using a CORS unblocker extension, the requests will still fail.
Please see Using Fetch - Web APIs | MDN
Try whitelisting appgyver.com and app…
According to that and other sources, the IIS on the Server is now set to:
According to what I read, the “Access-Control-Allow-Origin” can not have multiple origins. Then the term “Vary” has to be used. At least that’s my understanding.
The headers response I get in Postman is this, where the API is also working perfectly fine.
The response I get in AppGyver is this
Hello, You may want to check the network trace from your browser just to make sure the error you are receiving with Appgyver Data Source integration is a CORS-related one. And if this is so then your only option is to have your API CORS-enabled. I hope that helps.
I just tested the exact same API call with Thunkable and it was no problem. I guess that will be my next destination.