问题
Calling a rest api from a customer's web api and it's returning duplicate Access-Control-Allow-Origin: * and it causing COR errors.
I've tested locally and the duplicate does cause the error whereas a single Access-Control-Allow-Origin: * works.
Is there a way around this from my side when calling the GET?
HTTP/1.1 200 OK
Date: Wed, 28 Nov 2012 19:40:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
Set-Cookie: TargetToken=AB3Hirk0TNDPCfVY6LZd1Fs1; Expires=Fri, 28-Nov-2014 19:40:10 G11T; Path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/xml; charset=utf-8
Content-Length: 590
XMLHttpRequest cannot load http://target.com/api/getstuff?stuffid=4. Origin http://mysite.com is not allowed by Access-Control-Allow-Origin.
回答1:
The CORS spec explicitly states that multiple Access-Control-Allow-Origin headers are not allowed: http://www.w3.org/TR/cors/#resource-sharing-check-0
Is there any way to convince the client to fix their server implementation?
来源:https://stackoverflow.com/questions/13614316/duplicate-access-control-allow-origin-causing-cor-error