CORS problem- REST WEB API , Calling using JQuery-Ajax

Access to XMLHttpRequest at 'http://someURL' from origin 'http://someURL' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.


This is a call to a REST API controller action method. I enabled CORS on the top of controller like below:
[EnableCors(origins: "*", headers: "*", methods: "*")]
 public class TestController : ApiController
    {
    }

Open in new window


Also in the web.config:

<httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Credentials" value="true" />
        <add name="Access-Control-Allow-Headers" value="Content-Type" />
        <add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE" />
		<add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>

Open in new window


Any ideas please thanks.
Abhilash Nagar.NET DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ryan ChongSoftware Team LeadCommented:
what if you comment out:

[EnableCors(origins: "*", headers: "*", methods: "*")]

Open in new window


or

<add name="Access-Control-Allow-Origin" value="*" />

Open in new window


?
Abhilash Nagar.NET DeveloperAuthor Commented:
Thanks for the response. I removed
<add name="Access-Control-Allow-Origin" value="*" /> from web.config

Now it is giving below:

 Access to XMLHttpRequest at ' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Abhilash Nagar.NET DeveloperAuthor Commented:
These are my browser header responses :

Request URL: http://test/login
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: localhost
Referrer Policy: no-referrer-when-downgrade


Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE
Access-Control-Allow-Origin: *, *
Cache-Control: no-cache
Content-Length: 0
Date: Tue, 30 Apr 2019 05:37:40 GMT
Expires: -1
Pragma: no-cache
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET


Provisional headers are shown
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://localhost
Referer: http://localhost/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Ryan ChongSoftware Team LeadCommented:
it seems that the problem is remained:

>> Access-Control-Allow-Origin: *, *

it should be something like this instead:

Access-Control-Allow-Origin: *

have you tried rebuild your solution and/ or restart the IIS services?
Abhilash Nagar.NET DeveloperAuthor Commented:
I did again please see below:


Request URL: http://test/login
Request Method: OPTIONS
Status Code: 200 OK
Remote Address: 10.10.11.15:5910
Referrer Policy: no-referrer-when-downgrade

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET,POST,PUT,DELETE
Access-Control-Allow-Origin: *


Provisional headers are shown
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin:  http://localhost
Referer: http://localhost/login.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.86 Safari/537.36
Ryan ChongSoftware Team LeadCommented:
so, is there any error now?
Abhilash Nagar.NET DeveloperAuthor Commented:
Now it is giving 2 errors :

 Failed to load resource: the server responded with a status of 404 (Not Found)

login.html:1 Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

But same call if i use Postman and run it is working fine and giving me correct results. But not in the normal browser.
Abhilash Nagar.NET DeveloperAuthor Commented:
I just identified that
Main URL contains something like http://localhost

and the WebAPI URL contains ipaddress rather then localhost. This is the reason CORS is blocking it.

When i changed WEBAPI URL from  http://10.10  to http://localhost , it start to work.

But i need IP address not localhost in the URL.

Thanks.
Abhilash Nagar.NET DeveloperAuthor Commented:
Thanks for your help.

I just identified that
Main URL contains something like http://localhost

and the WebAPI URL contains ipaddress rather then localhost. This is the reason CORS is blocking it.

When i changed WEBAPI URL from  http://10.10  to http://localhost , it start to work.



Thanks.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Abhilash Nagar.NET DeveloperAuthor Commented:
Thanks for your help, it helped me to analyze it fully and speed up the fix process.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
webapi

From novice to tech pro — start learning today.