Menu
i'm trying to send get request to api like it's a login url
var url = "http://demo.software.travel/gptp/api/authorization?apiKey=****&alias=****&login=****&password=****"
$.get(url, function(data) {
console.log(data);
});
i'm getting this in my console this error
XMLHttpRequest cannot load http://demo.software.travel/gptp/api/authorization?apiKey=****&alias=****&login=****&password=****. The 'Access-Control-Allow-Origin' header contains multiple values 'http://travellights.net, *', but only one is allowed. Origin 'http://travellights.net' is therefore not allowed access.
i'm trying to see questions here to solve it but i didn't get what i need to change, this is annoying actually.
The 'Access-Control-Allow-Origin' header contains multiple values
this solved by asp.net web.congif
By the way i'm using CHROME BROWSER any help i appreciate.
UPDATE response headers:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:origin, x-requested-with, Content-Type, accept, Token
Access-Control-Allow-Methods:GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Access-Control-Allow-Origin:http://travellights.net
Access-Control-Allow-Origin:*
Connection:close
Content-Encoding:gzip
Content-Type:application/json;charset=utf-8
Date:Thu, 02 Jun 2016 16:41:18 GMT
Server:nginx/1.1.19
Set-Cookie:JSESSIONID=51FEE1A1206B9B481DD3EEA4167A9256; Path=/gptp
Vary:Origin
Vary:Accept-Encoding
X-UA-Compatible:IE=EmulateIE7
Request Headers:
Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ar;q=0.6,en-GB;q=0.4
Connection:keep-alive
Host:demo.software.travel
Origin:http://travellights.net
Referer:http://travellights.net/b2b/Pages/login?
User-Agent:Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
237
asked Jun 02 '16 14:06
The 'Access-Control-Allow-Origin' header contains multiple values, but only one is allowed. When defining multiple domains separated by coma in Settings > Advanced > Security > AccessControlAllowOrigin, they are not taken into account. It works when defined only one.
The Access-Control-Allow-Origin response header indicates whether the response can be shared with requesting code from the given origin.
This error occurs when a script on your website/web app attempts to make a request to a resource that isn't configured to accept requests coming from code that doesn't come from the same (sub)domain, thus violating the Same-Origin policy.
If you set "Full" CORS (with OPTION pre-request) on in nginx by add 'access-control-allow-origin *' and independently you add that header (for Simple CORS - without OPTION pre-request) to each response in SERVER (eg. php):
header('Access-Control-Allow-Origin', "*");
Then you will get this problem. Solution: remove code which add this header in server if already you add this header in your nginx config :)
I found this advice here
109
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
