True, this was reported on more than one topic:
Don't know if this is the exact case, but I asked ChatGPT because I remember having a lot of trouble: Credential is not supported if the CORS header 'Access-Control-Allow-Origin' is '*'
Using a wildcard (`*`) for the `Access-Control-Allow-Origin` header in your CORS configuration indeed prevents cookies from being included in cross-origin requests. This is because the `Access-Control-Allow-Origin` header must specify the exact origin when dealing with credentials (cookies, HTTP authentication, client-side SSL certificates).
When you set `Access-Control-Allow-Origin` to `*`, it indicates that any origin can access the resource. However, for security reasons, browsers block credentials from being sent if the CORS policy is too permissive. Specifically, the combination of `Access-Control-Allow-Origin: *` and `Access-Control-Allow-Credentials: true` is not allowed because it poses a security risk by potentially exposing sensitive data to unauthorized origins.
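The wildcard-plus-credentials rule described above, shown as an added example that is not part of the original thread: a server-side header builder with the wildcard setting beside an exact-match allowlist, and a simplified model of the browser's CORS check. The function names and the `example.com` origins are assumptions made for illustration.

```javascript
// Constructed sample allowlist; replace with the origins you actually trust.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.com",
  "https://admin.example.com",
]);

// Server side: build the CORS response headers for a request's Origin header.
function corsHeaders(requestOrigin, { wildcard = false } = {}) {
  if (wildcard) {
    // The setting discussed in the post: wildcard together with credentials.
    return {
      "Access-Control-Allow-Origin": "*",
      "Access-Control-Allow-Credentials": "true",
    };
  }
  // Exact match against the allowlist; an arbitrary Origin is never reflected.
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return { Vary: "Origin" }; // no CORS grant for unknown origins
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin", // keep caches from serving one origin's grant to another
  };
}

// Browser side: simplified model of the CORS check in the Fetch standard.
// Returns true when page script is allowed to read the response.
function browserAllowsRead(pageOrigin, headers, withCredentials) {
  const acao = headers["Access-Control-Allow-Origin"];
  if (acao === undefined) return false;
  if (!withCredentials) return acao === "*" || acao === pageOrigin;
  // Credentialed request: "*" is rejected, the origin must match exactly
  // and Access-Control-Allow-Credentials must be the literal string "true".
  return (
    acao === pageOrigin &&
    headers["Access-Control-Allow-Credentials"] === "true"
  );
}

const page = "https://app.example.com";
console.log("wildcard + credentials readable:",
  browserAllowsRead(page, corsHeaders(page, { wildcard: true }), true));
console.log("allowlist + credentials readable:",
  browserAllowsRead(page, corsHeaders(page), true));
```
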
Sorry, but I don't really understand how this is different.
Is it something new, and should I expect different behavior than last year?
Will do more tests on it; the query is working, not sure about login and storing cookies.