crossorigin.me icon indicating copy to clipboard operation
crossorigin.me copied to clipboard

Published 20 hours ago verified publisher icon hyperobject

Header contains multiple values

Open david-poindexter opened this issue 8 years ago • 4 comments

I am seeing the following now when using crossorigin.me.

XMLHttpRequest cannot load https://crossorigin.me/http://mydomain/api. The 'Access-Control-Allow-Origin' header contains multiple values '*, https://creator.ionic.io', but only one is allowed. Origin 'https://creator.ionic.io' is therefore not allowed access.

Did something change regarding the header? It was working fine before and I have confirmed nothing has changed on the Ionic Creator side of things.

--- Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/40115687-header-contains-multiple-values?utm_campaign=plugin&utm_content=tracker%2F12536595&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F12536595&utm_medium=issues&utm_source=github).

david-poindexter avatar Dec 15 '16 22:12 david-poindexter

Please can we see the full HTTP request/response? Thanks. :)

tjvr avatar Dec 16 '16 11:12 tjvr

Sure thing...here is one example:

` General Request URL:https://crossorigin.me//http://www.concorddowntown.com/DesktopModules/DnnSharp/DnnApiEndpoint/Api.ashx?method=CDDCNews Request Method:GET Status Code:522 Remote Address:104.31.64.208:443

Response Headers cache-control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray:3154e8e72ff156d5-IAD content-type:text/html; charset=UTF-8 date:Thu, 22 Dec 2016 16:22:27 GMT expires:Thu, 01 Jan 1970 00:00:01 GMT pragma:no-cache server:cloudflare-nginx set-cookie:__cfduid=da784d2a47db1ccd06d859a1a34c456111482423716; expires=Fri, 22-Dec-17 16:21:56 GMT; path=/; domain=.crossorigin.me; HttpOnly status:522 x-frame-options:SAMEORIGIN

Request Headers :authority:crossorigin.me :method:GET :path://http://www.concorddowntown.com/DesktopModules/DnnSharp/DnnApiEndpoint/Api.ashx?method=CDDCNews :scheme:https accept:application/json, text/plain, / accept-encoding:gzip, deflate, sdch, br accept-language:en-US,en;q=0.8 cache-control:no-cache origin:https://creator.ionic.io pragma:no-cache referer:https://creator.ionic.io/app/designer/6db8c36f61ad user-agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36

Query String Parameters view source view URL encoded method:CDDCNews `

david-poindexter avatar Dec 22 '16 16:12 david-poindexter

I was stuck in this issue too.

ihac avatar Jun 20 '17 00:06 ihac

I'm having this issue too. Example request from localhost:8000 -

GET https://crossorigin.me/http://apiv3.iucnredlist.org/api/v3/species/gorilla+gorilla

(note the duplicate access-control-allow-origin entries in the response headers)

image

maackle avatar Mar 23 '18 00:03 maackle