blocked by CORS :The 'Access-Control-Allow-Origin' header contains multiple values ', ', Laravel8

Question

Access to XMLHttpRequest at 'http://localhost:8000/api/objectives' from origin 'http://localhost:4200' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.

score 3 · Answer 1 · answered Sep 22 '21 at 13:36

3

Head over to the cors.php in config folder and change this 'allowed_origins_patterns' => [], to 'allowed_origins_patterns' => ['*'],

answered Sep 22 '21 at 13:36

Arnoldkk

489
7
11

In my case, I did the reverse cos I already set headers in the .htaccess file inside the public folder. – Overcomer Jun 22 '22 at 04:00

score 1 · Answer 2 · answered May 03 '22 at 17:12

1

I ran into similar issues. In my case, I fixed it by removing

Header set Access-Control-Allow-Origin "*"

from my .htaccess file.

answered May 03 '22 at 17:12

Md. Zubaer Ahammed

931
11
13

Kashif Ali · Answer 3 · 2022-12-01T14:43:14.410

I was facing same issue but now its resolved. during R&D i found many thing that i would like to share.

if you are facing this issue:

Access to XMLHttpRequest at 'http://example.com/api/csrf-cookie' from origin 'http://localhost:3000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed.

Because Laravel adding two Access-Control-Allow-Origin one from Public->index.php and other from CorsService.php that why getting this error

Solution is simple comment public->index file Access-Control-Allow-Origin: *' line

if you are facing this issue:

Access to XMLHttpRequest at 'http://example.com/api/csrf-cookie' from origin 'http://localhost:3000' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

and your are sending request with withCredentials: true

Solution: then you must enable Config->cors.php 'supports_credentials' => true, if your are sending without credential true then it should be false. I hope this will help you guys. Thanks

score 0 · Answer 4 · answered Aug 17 '21 at 20:53

0

First solution is to use this library https://github.com/fruitcake/laravel-cors

second one is adding header('Access-Control-Allow-Origin: *'); to your public/index.php that may fix the problem

answered Aug 17 '21 at 20:53

mj.akbarian

53
2
9

blocked by CORS :The 'Access-Control-Allow-Origin' header contains multiple values '*, *', Laravel8

4 Answers4

blocked by CORS :The 'Access-Control-Allow-Origin' header contains multiple values ', ', Laravel8