I'm making HTTPS request to a private API (hosted Itop), I get an response but I get CORS Multiple Origin Not Allow
error so my JavaScript program can't use the response content.
I'm supposed to have CORS authorization
The requests are POST
, made with fetch, there isn't preflight (OPTIONS
) request made before (fetch did them alone for my other GET
API request but didn't here)
Also some server response time is long for firefox (~2s) but it don't seems to change anything
It's not allowed to send multiple Access-Control-Allow-Origin
headers or multiple origins in one header in the same response. In the comments, you described two same Access-Control-Allow-Origin
headers in one response. Even two same origins aren't allowed. Remove one header in the backend code.