I have a wcf web service application running from IIS Express in VS 2015 that needs to allow cross origin requests. Initially I got a "Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:1234' is therefore not allowed access." message from my client app. I added a Global.asax with the following code
protected void Application_BeginRequest(object sender, EventArgs e)
{
// Ensure the web service allows cross site scripting from certain origins
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "http://localhost:1234");
if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
{
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "POST, PUT, OPTIONS");
//HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type");
HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
HttpContext.Current.Response.End();
}
}
Now when I try to call the service from my client I get "The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:1234, *', but only one is allowed. Origin 'http://localhost:1234' is therefore not allowed access."
So no header is not enough, but one header is turning into two. Why does this happen?
Note: I don't have anything in the web.config that would add any headers
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
