发表新帖
发表新帖

The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed

前端 未结
关注
5 482
被撕碎了的回忆
被撕碎了的回忆 2021-02-02 08:49

I\'m using Angular and ASP.NET API. The issue I\'m facing: when I add CORS in the API code, it works on Internet Explorer but does not work on Chrome and Firefox.

Here i

相关标签:
5条回答
  • 谎友^
    2021-02-02 09:21

    Chrome and Firefox use what is called a pre-flight check using the "OPTIONS" verb.

    So, you have to add "OPTIONS" to the allowed methods in the web.config. You also may have to add some code to the Application_Begin request, like this answer suggests: Handling CORS Preflight requests to ASP.NET MVC actions

    Here are some resources for CORS:

    IIS hijacks CORS Preflight OPTIONS request

    http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api

    0 讨论(0)
  • 春和景丽
    2021-02-02 09:22

    I had the same issue. After I put the exact domain instead of * (see below), it worked for me.

    var CorsAttribute = new EnableCorsAttribute("https://www.mywebsite.com","", ""); config.EnableCors(CorsAttribute);

    0 讨论(0)
  • 伪装坚强ぢ
    2021-02-02 09:26

    I got this issue because I put the app.UseCors after ConfigureOAuth. Change the order fix the problem.

        public void Configuration(IAppBuilder app)
    {
        HttpConfiguration config = new HttpConfiguration();

        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
        ConfigureOAuth(app);

        WebApiConfig.Register(config);

        // Used to put this line after ConfigureAuth(app), 
        // app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

        app.UseWebApi(config);
    }

    Here is the detail in my case:

    • At the beginning I got Origin is not allowed in 'Access-Control-Allow-Origin', when calling \token.
    • LSo I add the customHeader including 'Access-Control-Allow-Origin', 'Access-Control-Allow-headers', 'Access-Control-Allow-methods'. It fixed the \token request.
    • But then I got duplicate 'Access-Control-Allow-Origin' when calling detail api. There are a lot suggestions, such as this just couldn't fix.
    0 讨论(0)
  • 情歌与酒
    2021-02-02 09:28

    You are setting CORS twice. I think that is the issue.

    Please remove any one CORS settings. You can either remove it from web.config or from WebApiConfigFile.cs.

    0 讨论(0)
  • 轮回少年
    2021-02-02 09:28

    All other solutions provided for webAPI. This solution is for when you using webservice(.asmx) as API

    Remove 'Access-Control-Allow-Origin' details from either in Global.asax.cs file's begin_request function or in web.config. Because this setting must be in one place only

    0 讨论(0)
 看不清?
提交回复
热议问题