Credentials flag is 'true', but the 'Access-Control-Allow-Credentials

Question

I am trying to connect to a ASP.NET Web-API Web Service from an AngularJS page and I am getting the following

Credentials flag is \'true\', but the \'Access-Control-Al

Answer 1

The header is added twice once by the code and the other by the web.config. The CORS support is used to allow for the addition of headers for CORS purposes. The configuration custom headers also add response headers to any request, so you may want to remove the config setting.

var cors = new EnableCorsAttribute..


    

Since both of those areas are adding the same origin twice, you get the multiple values on the header.

When making an AJAX call with the parameter withCredentials: true, the response header should have the Access-Control-Allow-Credentials = true. You need to add that via code using SupportsCredentials = true for the CORS attributes. Otherwise you will get the error "Credentials flag is 'true', but the 'Access-Control-Allow-Credentials is ''"

For more information, on the withCredential parameter and the response header look at this article:

http://www.ozkary.com/2015/12/api-oauth-token-access-control-allow-credentials.html

hope it helps.