The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed

Question

I\'m using Angular and ASP.NET API. The issue I\'m facing: when I add CORS in the API code, it works on Internet Explorer but does not work on Chrome and Firefox.

Here i

Answer 1

Chrome and Firefox use what is called a pre-flight check using the "OPTIONS" verb.

So, you have to add "OPTIONS" to the allowed methods in the web.config. You also may have to add some code to the Application_Begin request, like this answer suggests: Handling CORS Preflight requests to ASP.NET MVC actions

Here are some resources for CORS:

IIS hijacks CORS Preflight OPTIONS request

http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api