The following error throws for me when making a request:
Access to XMLHttpRequest at 'My Server URL' from origin 'Server Name' has been
blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple
values 'Server Name, *', but only one is allowed.
However in my WebApiConfig.cs file I have defined the CORS policy as follows:
var cors = new EnableCorsAttribute("MyServerName", "Content-Type", "GET,PUT,POST,DELETE");
config.EnableCors(cors);
I have defined only one value MyServerName, yet the error thrown defines it as 'Server Name, *'
UPDATE:
When disabling my CORS definition in my WebApiConfig.cs file I recieve the following error when making a request:
Access to XMLHttpRequest at 'My Server URL' from origin 'Server Name' has been
blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in
the response must not be the wildcard '*' when the request's credentials mode is
'include'. The credentials mode of requests initiated by the XMLHttpRequest is
controlled by the withCredentials attribute.
I do not have CORS defined in my Web.config file.
UPDATE 2
My Access-Control-Allow-Origin value was being defined in my IIS, after changing it and running it, it thinks the value is ''.
Summing up from The 'Access-Control-Allow-Origin' header contains multiple values there are multiple ways to add CORS and you possibly have more than one:
app.UseCors(CorsOptions.AllowAll);<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>