Reputation: 3317
Web API CORS does not return correct Access-Control-Allow-Origin header
Trying to understand and debug an issue with a CORS setup on WebAPI 2. My front-end angular/javascript application communicates with my API at
which sometimes returns the following error:
The 'Access-Control-Allow-Origin' header has a value 'http://example.com' that is not equal to the supplied origin. Origin 'http://www.example.com' is therefore not allowed access.
Testing the api link on Fiddler returns the following in the headers:
Access-Control-Allow-Origin: http://example.com
Why would this happen and how do I address this situation?
Upvotes: 0
Views: 638
Answers (1)
Reputation: 5596
It appears that you have calls to both types of domain/URL in your client-side code.
Based on that assumption, CORS should be specified for both domains i.e.
http://example.com
http://www.example.com
References:
- https://www.w3.org/TR/cors/#access-control-allow-origin-response-header
- Access-Control-Allow-Origin wildcard subdomains, ports and protocols
Upvotes: 1
Related Questions
- MVC web api: No 'Access-Control-Allow-Origin' header is present on the requested resource
- Issue: No 'Access-Control-Allow-Origin' header is present on the requested resource
- CORS problems no 'access control allow origin header' is present on the requested resource
- Error "No 'Access-Control-Allow-Origin'", but cors allows everything
- Calling from Angular JS to web API error: The 'Access-Control-Allow-Origin' header contains multiple values, Origin is therefore not allowed access
- CORS error - No 'Access-Control-Allow-Origin' header is present on the requested resource
- ASP.NET Web API CORS not working with AngularJS
- AngularJS CORS Issues
- Still having "No 'Access Control Allow Origin' header is present on the requested resource" error after adding Access-Control-Allow-Origin: *
- WebApi CORs - Access-Control-Allow-Origin header is present on request error