After multiple hours of reading, I came up that the IIS doesn't support more than one
"Access-Control-Allow-Origin"
header.
Also setting the value with "*"
isn't allowed with error:
A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'null' is therefore not allowed access.
Other SO questions came up with solutions like this one or this one but I don't know where I do have to change the header.
My application is written in .NET and I'm using IIS 8.5. My target is to do a CORS request for multiple origin domains. Do I have to write a IHttpModule to handle the origin header?