CORS problem- REST WEB API , Calling using JQuery-Ajax

Abhilash Nagar
Abhilash Nagar used Ask the Experts™
on
Access to XMLHttpRequest at 'http://someURL' from origin 'http://someURL' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.


This is a call to a REST API controller action method. I enabled CORS on the top of controller like below:
[EnableCors(origins: "*", headers: "*", methods: "*")]
 public class TestController : ApiController
    {
    }

Open in new window


Also in the web.config:

<httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Credentials" value="true" />
        <add name="Access-Control-Allow-Headers" value="Content-Type" />
        <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE" />
		<add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>

Open in new window


Any ideas please thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Ryan ChongSoftware Team Lead

Commented:
what if you comment out:

[EnableCors(origins: "*", headers: "*", methods: "*")]

Open in new window


or

<add name="Access-Control-Allow-Origin" value="*" />

Open in new window


?
Abhilash Nagar.NET Developer

Author

Commented:
Thanks for the response. I removed
<add name="Access-Control-Allow-Origin" value="*" /> from web.config

Now it is giving below:

 Access to XMLHttpRequest at ' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Abhilash Nagar.NET Developer

Author

Commented:
These are my browser header responses :

Request URL: http://test/login
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: localhost
Referrer Policy: no-referrer-when-downgrade


Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE
Access-Control-Allow-Origin: *, *
Cache-Control: no-cache
Content-Length: 0
Date: Tue, 30 Apr 2019 05:37:40 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET


Provisional headers are shown
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://localhost
Referer: http://localhost/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Ryan ChongSoftware Team Lead

Commented:
it seems that the problem is remained:

>> Access-Control-Allow-Origin: *, *

it should be something like this instead:

Access-Control-Allow-Origin: *

have you tried rebuild your solution and/ or restart the IIS services?
Abhilash Nagar.NET Developer

Author

Commented:
I did again please see below:


Request URL: http://test/login
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: 10.10.11.15:5910
Referrer Policy: no-referrer-when-downgrade

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE
Access-Control-Allow-Origin: *


Provisional headers are shown
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin:  http://localhost
Referer: http://localhost/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Ryan ChongSoftware Team Lead

Commented:
so, is there any error now?
Abhilash Nagar.NET Developer

Author

Commented:
Now it is giving 2 errors :

 Failed to load resource: the server responded with a status of 404 (Not Found)

login.html:1 Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

But same call if i use Postman and run it is working fine and giving me correct results. But not in the normal browser.
Abhilash Nagar.NET Developer

Author

Commented:
I just identified that
Main URL contains something like http://localhost

and the WebAPI URL contains ipaddress rather then localhost. This is the reason CORS is blocking it.

When i changed WEBAPI URL from  http://10.10  to http://localhost , it start to work.

But i need IP address not localhost in the URL.

Thanks.
.NET Developer
Commented:
Thanks for your help.

I just identified that
Main URL contains something like http://localhost

and the WebAPI URL contains ipaddress rather then localhost. This is the reason CORS is blocking it.

When i changed WEBAPI URL from  http://10.10  to http://localhost , it start to work.



Thanks.
Abhilash Nagar.NET Developer

Author

Commented:
Thanks for your help, it helped me to analyze it fully and speed up the fix process.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial