I'm using Angular and ASP.NET API. The issue I'm facing: when I add CORS in the API code, it works on Internet Explorer but does not work on Chrome and Firefox.
Here is the error:
XMLHttpRequest cannot load http://localhost:41028/api/values/abc. The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Origin 'http://localhost:44796' is therefore not allowed access.
This is the code I added in the web.config
file:
<system.webServer> ... <httpProtocol> <customHeaders> <!-- Adding the following custom HttpHeader will help prevent CORS errors --> <add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Headers" value="Content-Type" /> </customHeaders> </httpProtocol> ... </system.webServer>
In the WebApiConfigFile.cs
file I added:
var CorsAttribute = new EnableCorsAttribute("* ","* ", "* "); config.EnableCors(CorsAttribute);
I'm using CORS for the first time. Any help will be appreciated.
The 'Access-Control-Allow-Origin' header contains multiple values, but only one is allowed.
Sounds like the recommended way to do it is to have your server read the Origin header from the client, compare that to the list of domains you would like to allow, and if it matches, echo the value of the Origin header back to the client as the Access-Control-Allow-Origin header in the response.
The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request. This header is required if the request has an Access-Control-Request-Headers header.
PDFRSS. Cross-origin resource sharing (CORS) is a browser security feature that restricts cross-origin HTTP requests that are initiated from scripts running in the browser. If your REST API's resources receive non-simple cross-origin HTTP requests, you need to enable CORS support.
You are setting CORS twice. I think that is the issue.
Please remove any one CORS settings. You can either remove it from web.config
or from WebApiConfigFile.cs
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With