“Access-Control-Allow-Origin"标头包含多个值 [英] The 'Access-Control-Allow-Origin' header contains multiple values

问题描述

我在客户端使用 AngularJS $http 来访问服务器端的 ASP.NET Web API 应用程序的端点.由于客户端与服务器托管在不同的域中，因此我需要 CORS.它适用于 $http.post(url, data).但是一旦我对用户进行身份验证并通过 $http.get(url) 发出请求，我就会收到消息

<前>'Access-Control-Allow-Origin' 标头包含多个值 'http://127.0.0.1:9000, http://127.0.0.1:9000'，但只允许一个.因此，不允许访问源http://127.0.0.1:9000".

Fiddler 告诉我，在成功的选项请求之后，get 请求中确实有两个标头条目.我在什么地方做错了什么?

更新

当我使用 jQuery $.get 而不是 $http.get 时，会出现相同的错误消息.所以这对于 AngularJS 来说似乎没有问题.但是哪里错了?

解决方案

我添加了

config.EnableCors(new EnableCorsAttribute(Properties.Settings.Default.Cors, "", ""))

以及

app.UseCors(CorsOptions.AllowAll);

在服务器上.这导致两个标题条目.只需使用后一种即可.

I'm using AngularJS $http on the client side to access an endpoint of a ASP.NET Web API application on the server side. As the client is hosted on a different domain as the server, I need CORS. It works for $http.post(url, data). But as soon as I authenticate the user and make a request via $http.get(url), I get the message

The 'Access-Control-Allow-Origin' header contains multiple values 'http://127.0.0.1:9000, http://127.0.0.1:9000', but only one is allowed. Origin 'http://127.0.0.1:9000' is therefore not allowed access.

Fiddler shows me that there are indeed two header entries in the get request after a successful options request. What and where am I doing something wrong?

Update

When I use jQuery $.get instead of $http.get, the same error message appears. So this seems no issue with AngularJS. But where is it wrong?

解决方案

I added

config.EnableCors(new EnableCorsAttribute(Properties.Settings.Default.Cors, "", ""))

as well as

app.UseCors(CorsOptions.AllowAll);

on the server. This results in two header entries. Just use the latter one and it works.

这篇关于“Access-Control-Allow-Origin"标头包含多个值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！