Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The 'Access-Control-Allow-Origin' header contains multiple values 'https://mysite.com/path, *', but only one is allowed. #34

Open
ipolegbunin opened this issue Jan 4, 2016 · 3 comments

Comments

@ipolegbunin
Copy link

@ipolegbunin ipolegbunin commented Jan 4, 2016

Could you please add removal of original "Access-Control-Allow-Origin" header before adding "Access-Control-Allow-Origin: *".

Without that fix I have the following error:

XMLHttpRequest cannot load https://externaldomain.com. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost.localdomain:8080' is therefore not allowed access.

XMLHttpRequest cannot load https://externaldomain.com/path. The 'Access-Control-Allow-Origin' header contains multiple values 'https://localhost.localdomain, *', but only one is allowed. Origin 'http://localhost.localdomain:8080' is therefore not allowed access.

@kadkaz

This comment has been minimized.

Copy link

@kadkaz kadkaz commented Jan 13, 2016

The same problem. using Access-Control-Expose-Headers as
{code}
Access-Control-Allow-Origin: http://my.origin.url
{code}
does not help.

Please use instead of * the origin then it will work anyway with credentials or without.

@blukis

This comment has been minimized.

Copy link

@blukis blukis commented Jan 6, 2017

Same problem here. Doing some digging, looks like bug #7 was reintroduced in v1.0.3. Headers are comparing case-sensitively, and so duplicating the Access-Control-Allow-Origin http header when case doesn't match. :(

@leitwolf

This comment has been minimized.

Copy link

@leitwolf leitwolf commented Feb 15, 2017

Use this plugin: Access-Control-Allow-Credentials: true instead:
https://chrome.google.com/webstore/detail/access-control-allow-cred/hmcjjmkppmkpobeokkhgkecjlaobjldi
you must re-enable it when start chrome everytime.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.