I got a problem when cross-search requests from my application Angular JS works fine in Chrome, but not in Firefox.
Error received in firefox:
The cross-request request is blocked: a policy of the same origin prohibits reading the remote resource at https://api.domain.eu/join/joinstatus . (Reason: CORS header 'Access-Control-Allow-Origin' does not match ' https://www.domain.eu , https://www.domain.eu ').
I can make requests successfully until I add a header Authorizationto the request.
My server (ASP.Net Web API running on IIS) has the following headers:
Access-Control-Allow-Origin: https://www.domain.eu
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Credentials: true
Firefox successfully sends a request with a request OPTIONS. Looking through this, I see that the sent header is Origincontained in the returned header Access-Control-Allow-Origin.
In fact, for some reason, the returned header Access-Control-Allow-Originhas my domain name two times (despite the fact that it is specified once in the configuration), for example.
Access-Control-Allow-Origin: https://www.domain.eu, https://www.domain.eu
What aside, what's the difference between Firefox and Chrome in this regard?
What else do I need to do to make this work in Firefox?
UPDATE
I noticed that if I set my headings as follows ...
`Access-Control-Allow-Origin: https://www.domain.eu '
... then the pre-flight request OPTIONSworks fine. The title is the Access-Control-Allow-Originsame for both the request and the response. However, the actual request GETfails with the error above.
:
Access-Control-Allow-Origin: https://www.domain.eu, https://www.domain.eu
... ( , Firefox ), OPTIONS , Firefox https://www.domain.eu .