0

I'm trying to log into my application. It should return JWT token, and when I debugged my backend it worked - went through the method to the return statement. Problem is, my frontend didn't get it. Browser's network tracker says it returned 204 No Content, console logs 500 (Internal Server Error) and:

"Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:4200, *', but only one is allowed. Origin 'http://localhost:4200' is therefore not allowed access."

First it said there was no Access-Control-Allow-Origin header, but I added 

<add name="Access-Control-Allow-Origin" value="*" />

to my webconfig, now the error is as above.

Problem is, I've got a different app running those exact same settings and it has no problems :/ only difference is that I'm using Identity and Jwt tokens in this one, but it shouldn't affect the application.

In startup, I've enabled cors and used those options:

app.UseCors(builder =>
   builder.AllowAnyOrigin()
   .AllowAnyMethod()
   .AllowAnyHeader()
   .AllowCredentials());

this should be enough to allow any origin, shouldn't it? I've also got

Access-Control-Allow-Origin:* on response headers

no idea where did this localhost:4200, * in the console comes from...

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Nech
  • 359
  • 3
  • 15
  • What was the entire error message before you added the explicit header? – Kirk Larkin Nov 09 '17 at 14:29
  • Not exact duplicate but related:[The 'Access-Control-Allow-Origin' header contains multiple values](https://stackoverflow.com/questions/22343384/the-access-control-allow-origin-header-contains-multiple-values) – William-H-M Nov 09 '17 at 14:30
  • @Kirk No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 500. – Nech Nov 09 '17 at 14:34
  • 1
    @William-H-M it is related, I've already read it, problem is I'm using ASP.NET Core 2 and CORS is set up differently here :/ – Nech Nov 09 '17 at 14:35
  • I think it might be due to your 500 status code in that previous error - Something along the lines of the CORS header not being set when the server throws an exception, etc. With adding the header explicitly, the OPTIONS request now fails, but I expect it worked before and then the actual request caused an error. – Kirk Larkin Nov 09 '17 at 14:45
  • @Kirk problem is I've debugged the backend and it should be working. The other project crashes whenever it throws 500 Internal Server Error, this one somehow goes through and Angular logs the error to console. Any ideas how to check what went wrong? – Nech Nov 09 '17 at 15:00

1 Answers1

0

I found the culprit thanks to the output window in Visual Studio. I don't know why, but Visual didn't crash with null reference, only logged it to output.

Anyway, the problem was that Git didn't attach appsettings, where I store my JwtIssuer variable for generating Jwt, so it got null instead of a string.

Thanks @Kirk for pointing me in the right direction!

Nech
  • 359
  • 3
  • 15