Access-Control-Allow-Origin icon indicating copy to clipboard operation
Access-Control-Allow-Origin copied to clipboard

Published 20 hours ago verified publisher icon vitvad

The 'Access-Control-Allow-Origin' header contains multiple values 'https://mysite.com/path, *', but only one is allowed.

Open ipolegbunin opened this issue 9 years ago • 3 comments

Could you please add removal of original "Access-Control-Allow-Origin" header before adding "Access-Control-Allow-Origin: *".

Without that fix I have the following error:

XMLHttpRequest cannot load https://externaldomain.com. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost.localdomain:8080' is therefore not allowed access.

XMLHttpRequest cannot load https://externaldomain.com/path. The 'Access-Control-Allow-Origin' header contains multiple values 'https://localhost.localdomain, *', but only one is allowed. Origin 'http://localhost.localdomain:8080' is therefore not allowed access.

ipolegbunin avatar Jan 04 '16 09:01 ipolegbunin

The same problem. using Access-Control-Expose-Headers as {code} Access-Control-Allow-Origin: http://my.origin.url {code} does not help.

Please use instead of * the origin then it will work anyway with credentials or without.

kadkaz avatar Jan 13 '16 16:01 kadkaz

Same problem here. Doing some digging, looks like bug #7 was reintroduced in v1.0.3. Headers are comparing case-sensitively, and so duplicating the Access-Control-Allow-Origin http header when case doesn't match. :(

blukis avatar Jan 06 '17 20:01 blukis

Use this plugin: Access-Control-Allow-Credentials: true instead: https://chrome.google.com/webstore/detail/access-control-allow-cred/hmcjjmkppmkpobeokkhgkecjlaobjldi you must re-enable it when start chrome everytime.

leitwolf avatar Feb 15 '17 13:02 leitwolf