AnsweredAssumed Answered

CORS and Web-Tier Secured Services

Question asked by steveway on Aug 13, 2015
Latest reply on Apr 21, 2016 by straatvark

Hi Everyone!

 

I have a situation where my application will be required to access web-tiered services across different domains.

 

I have added the following to the web config of web adapter:

 

<customHeaders>

     <add name="Access-Control-Allow-Credentials" value="true" />

     <add name="Access-Control-Allow-Origin" value="http://sub.domain.com" />

</customHeaders>

 

However, when testing in chrome, I receive the following error in console:

 

XMLHttpRequest cannot load <url to secured service>. the Access-Control-Allow-Origin header contains multiple values 'http://sub.domain.com,http://sub.domain.com' .http://sub.domain.com is therefore   not allowed access.

 

I have checked everything, i have definitly only configured one header in the web.config.  I am using the testing tool available on the enable cors site.

 

Against an unsecured sevrice, it works fine as we don't have to set the allow credentials header, but with secured services, it is not working.

 

Have also tried firefox, and i do not have IE available in this environment.

 

Thanks for anyone who can help!

Steve

Outcomes