Access-Control-Allow-Origin 标头包含多个值 *、*

Question

我正在使用 c# 构建 REST Web 服务。

我有一个安装在另一台服务器上的 Web 应用程序。如果我尝试调用这些 Web 服务中的任何一个，我会收到此错误

从源“https://std.apps.com”访问“https://test.domain.com/WS/Hab-Dem/Tar/api/Login”处的 XMLHttpRequest 已被 CORS 策略阻止：对预检请求的响应未通过访问控制检查：“Access-Control-Allow-Origin”标头包含多个值 '*, *'，但只允许一个。

我已经创建了这个文件：

public class PreflightRequestsHandler : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (request.Headers.Contains("Origin") && request.Method.Method.Equals("OPTIONS"))
        {
            var response = new HttpResponseMessage { StatusCode = HttpStatusCode.OK };

            // Define and add values to variables: origins, headers, methods (can be global) 
            response.Headers.Add("Access-Control-Allow-Origin", "*");
            response.Headers.Add("Access-Control-Allow-Headers", "Content-Type");
            response.Headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
            response.Headers.Add("Access-Control-Request-Headers", "*");

            var tsc = new TaskCompletionSource<HttpResponseMessage>();
            tsc.SetResult(response);

            return tsc.Task;
        }

        return base.SendAsync(request, cancellationToken);
    }
}

在WebApiConfig.cs我已经插入了这段代码：

public static void Register(HttpConfiguration config)
{
    // Web API configuration and services
    config.EnableCors(new EnableCorsAttribute("*", "*", "*", "X-Custom-Header"));
    config.MessageHandlers.Add(new PreflightRequestsHandler()); // Defined above
    config.MapHttpAttributeRoutes();

    config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional } );

    var jsonConfig = config.Formatters.JsonFormatter;
    jsonConfig.SerializerSettings.NullValueHandling = NullValueHandling.Ignore;
}

在web.config 文件中我添加了这个：

<system.webServer>
    <handlers>
        <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
        <remove name="OPTIONSVerbHandler" />
        <remove name="TRACEVerbHandler" />
        <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" 
             type="System.Web.Handlers.TransferRequestHandler" 
             preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
</system.webServer>

Answer 1

    // Website you wish to allow to connect
  res.setHeader('Access-Control-Allow-Origin', '*');

  // Request methods you wish to allow
  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');

  // Request headers you wish to allow
  res.setHeader('Access-Control-Allow-Headers', 'Access-Control-Allow-Headers, Origin,Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers,X-Access-Token,XKey,Authorization');

//  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

https://www.digitalocean.com/community/questions/blocked-by-cors-policy-the-access-control-allow-origin-mean-stack