I'm trying to make a simple ajax request, but get an error "XMLHttpRequest cannot load URL. The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:52007, *', but only one is allowed. Origin 'http://localhost:52007' is therefore not allowed access."
Request:
$.ajax({
type: "GET",
url: url,
dataType: "json",
success: successFunc,
error: errorFunc,
xhrFields: {
withCredentials: true
}
});As I understand the error occurs because response contains two 'Access-Control-Allow-Origin' headers: one for my machine - 'localhost:52007' and an other one is '*'.
The last one '*' is added automatically by IIS by HTTP Response Headers section(there is a rule to always add Access-Control-Allow-Origin='*'). Unfortunately I can't change that
After I looked on request via Fiddler I saw that it contains Access-Control-Allow-Origin='localhost'. It looks like on the server this header is copied to response and also Access-Control-Allow-Origin='*' is added because of the rule.
So, what can I do in this situation? Can I remove Access-Control-Allow-Origin='localhost' from my request? Or maybe if I change it's value from 'localhost' to '*' it would not be copied to response. But how can I do that?
</div>
