CODEWITHSUNDEEP
asp.net-web-api
José MN
José MN

Reputation: 125

The 'Access-Control-Allow-Origin' header contains multiple values ' ', '*'

I am working with ASP.NET WEB Api, and I'm using authentication Token, Internet Explorer generates the Token string:

enter image description here

But using any other browser shows the following error :

The 'Access-Control-Allow-Origin' header contains multiple values

enter image description here

AJAX code:

function ObtenerToken(user, password) {

            var data = { username: user, password: password, grant_type: "password" }

            $.ajax({
                url: 'http://localhost:50196/Token',
                method: "post",
                data: data,
                contentType: "application/json",
                error: function (e) {
                    alert('Hubo un error al intentar autenticar al usuario.');
                    console.log(e);
                },
                success: function (response) {
                    var token = response.access_token;
                    alert(token);

                }
            });
        }

The file Startup.Auth.cs i have set the following

app.UseCors(CorsOptions.AllowAll);

In WebApiConfig.cs

EnableCorsAttribute cors = new EnableCorsAttribute("*", "*", "*");
            config.EnableCors(cors);

And in class Controller:

[EnableCors(origins: "*", headers: "*", methods: "*")]
    public class UsuariosController : ApiController
    {

Upvotes: 0

Views: 888

Answers (2)

dichen
dichen

Reputation: 1633

You need to enable cors.

    public void Configuration(IAppBuilder app)
    {
        HttpConfiguration config = new HttpConfiguration();

        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
        ConfigureOAuth(app);

        WebApiConfig.Register(config);

        // Make sure this line is called before ConfigureAuth(app), 
        // app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

        app.UseWebApi(config);
    }

Upvotes: 1

melicent
melicent

Reputation: 1251

I'm pretty sure this is because you're adding the Access-Control-Allow-Origin header in all three of those places. You should enable CORS in Startup.Auth.cs, in WebApiConfig.cs, OR in the controller - one of these places, not all three.

Upvotes: 1

Related Questions