Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed

I'm using Angular and ASP.NET API. The issue I'm facing: when I add CORS in the API code, it works on Internet Explorer but does not work on Chrome and Firefox.

Here is the error:

XMLHttpRequest cannot load http://localhost:41028/api/values/abc. The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Origin 'http://localhost:44796' is therefore not allowed access.

This is the code I added in the web.config file:

<system.webServer> ... <httpProtocol>   <customHeaders>       <!-- Adding the following custom HttpHeader will help prevent CORS errors -->       <add name="Access-Control-Allow-Origin" value="*" />       <add name="Access-Control-Allow-Headers" value="Content-Type" />   </customHeaders> </httpProtocol> ... </system.webServer> 

In the WebApiConfigFile.cs file I added:

var CorsAttribute = new EnableCorsAttribute("* ","* ", "* ");         config.EnableCors(CorsAttribute); 

I'm using CORS for the first time. Any help will be appreciated.

like image 679
trigri Avatar asked Apr 08 '15 19:04

trigri


People also ask

Is the Access-Control allow Origin header contains multiple values?

The 'Access-Control-Allow-Origin' header contains multiple values, but only one is allowed.

How do I set up multiple Access-Control allow origin?

Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you would like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.

What is Access-Control allow headers?

The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request. This header is required if the request has an Access-Control-Request-Headers header.

What is Enablecors in Web API?

PDFRSS. Cross-origin resource sharing (CORS) is a browser security feature that restricts cross-origin HTTP requests that are initiated from scripts running in the browser. If your REST API's resources receive non-simple cross-origin HTTP requests, you need to enable CORS support.


1 Answers

You are setting CORS twice. I think that is the issue.

Please remove any one CORS settings. You can either remove it from web.config or from WebApiConfigFile.cs.

like image 97
Abhilash Augustine Avatar answered Oct 14 '22 18:10

Abhilash Augustine