This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

CORS Error : header contains multiple values '*, *', but only one is allowed

Posted on 06-08-2015 08:41 AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi All,

I am getting "The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed." type of error when requesting an API via ApiGee.

I have added an ApiGee policy of AssignMessage,

<AssignMessage async="false" continueOnError="false" enabled="true" name="add-cors">

<DisplayName>Add CORS</DisplayName>

<FaultRules/>

<Properties/>

<Add>

<Headers>

<Header name="Access-Control-Allow-Origin"> * </Header>

</Headers>

</Add>

<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>

<AssignTo createNew="false" transport="http" type="response"/>

</AssignMessage>

and having PreFlow Response as,

<PreFlow name="PreFlow">

<Request/>

<Response>

<Step>

<Name>add-cors</Name>

</Step>

</Response>

</PreFlow>

Am I missing anything? please help me out 😞

@Michael Malloy

@Gaurav Vishwas Joshi

@Dave Newman

@Barahalikar Siddharth

@Maruti Chand

@mukundha@apigee.com

@Hasan Otuome

@Scott Ganyo

@Mohsen Azimi

@all

Solved Solved
3 11 136K
Topic Labels
Jump to Solution
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ceber
Staff
Reply posted on --/--/---- --:-- AM

Instead of using Add to set the Access-Control-Allow-Origin header, use Set. Since headers can support multiple values, Add will add one, rather than just setting the existing. Set will ensure that if there is already a header there you aren't doubling it up.

View solution in original post

Jump to Solution
11 REPLIES 11
Top Solution Authors
View all