The ‘Access-Control-Allow-Origin’ header contains multiple values

by

We ran into this problem because we had set up CORS according to best practice (e.g. http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api) AND ALSO had a custom header <add name="Access-Control-Allow-Origin" value="*"/> in web.config.

Remove the web.config entry, and all is well.

Contrary to @mww’s answer, we still have EnableCors() in the WebApiConfig.cs AND an EnableCorsAttribute on the controller. When we took out one or the other, we ran into other issues.

More Related Contents:

  1. How to make CORS Authentication in WebAPI 2?
  2. Exceptions in ASP.NET Web API custom exception handler never reach top level when CORS is enabled
  3. Does IMDB provide an API? [closed]
  4. Why do we have to specify FromBody and FromUri?
  5. 401 response for CORS request in IIS with Windows Auth enabled
  6. So, JSONP or CORS? [closed]
  7. Error :Request header field Content-Type is not allowed by Access-Control-Allow-Headers
  8. Enable CORS in Web API 2
  9. Attribute routing and inheritance
  10. CORS support for PUT and DELETE with ASP.NET Web API
  11. Overload web api action method based on parameter type
  12. MVC web api: No ‘Access-Control-Allow-Origin’ header is present on the requested resource
  13. Web API: how to access multipart form values when using MultipartMemoryStreamProvider?
  14. MVC5, Web API 2 and Ninject
  15. AngularJS CORS Issues
  16. IIS hijacks CORS Preflight OPTIONS request
  17. Constructor Dependency Injection WebApi Attributes
  18. How to authorize CORS preflight request on IIS with Windows Authentication
  19. How can I use JSON on the web page from a source with neither CORS nor JSONP? [closed]
  20. Hosting WebAPI using OWIN in a windows service
  21. WebAPI CORS with Windows Authentication – allow Anonymous OPTIONS request
  22. MVC Web API not working with Autofac Integration
  23. WebApi Help Page: don’t escape HTML in XML documentation
  24. OData V4 modify $filter on server side
  25. How to use Container instead of ObjectFactory in StructureMap ServiceActivator?
  26. CORS enabled but response for preflight has invalid HTTP status code 404 when POSTing JSON
  27. Allowing frontend JavaScript POST requests to https://accounts.spotify.com/api/token endpoint
  28. Slack incoming webhook: Request header field Content-type is not allowed by Access-Control-Allow-Headers in preflight response
  29. Access to XMLHttpRequest has been blocked origin ASP.NET CORE 2.2.0 / Angular 8 / signalr1.0.0 [(CORS Policy-Access-Control-Allow-Origin) failed]
  30. Request.Content.ReadAsMultipartAsync never returns

Leave a Comment