Credentials flag is 'true', but the 'Access-Control-Allow-Credentials

Question

I am trying to connect to a ASP.NET Web-API Web Service from an AngularJS page and I am getting the following

Credentials flag is \'true\', but the \'Access-Control-Al

Answer 1

Try the method outlined here for preflight requests:

enabling cross-origin resource sharing on IIS7

And use the Chrome extension Postman or Fiddler for easier debugging of CORS. I'm willing to bet that you are adding the header twice, but without your entire code, it is difficult to debug. (heck, CORS is difficult to debug even with the code).

To me, it appears that you shouldn't have both the web.config setting as well as the global EnableCors() attribute - this causes the doubles.

You don't appear to be adding the Access-Control-Allow-Credentials anywhere server side, but it might be added by the AllowCors attribute, I am not sure. (I am partial to handling CORS in OWIN myself)