My API server is running in spring boot application on port 8090 and front end application running in Angular 6. All is working fine until I have single IP in Access-Control-Allow-Origin header.
Now APIs is used by 2 different font end application running on a different port(80 and 7000). I added both IPs in Access-Control-Allow-Origin header and it is not working
As per this we can have multiple cors origins with comma separated
Details:
Request:
Accept: /
Accept-Encoding: gzip, deflate
Accept-Language: en-IN,en-GB;q=0.9,en-US;q=0.8,en;q=0.7
Access-Control-Request-Headers: content-type,x-auth
Access-Control-Request-Method: GET
Cache-Control: no-cache
Connection: keep-alive
Host: 192.168.1.10:8090
Origin: http://192.168.1.10:7000
Pragma: no-cache
Referer: http://192.168.1.10:7000/user/dashboard
Response:
Access-Control-Allow-Headers: X-Auth,Origin,X-Requested-With,Content-Type,Accept,X-Forwarded-For
Access-Control-Allow-Methods: GET,POST,OPTIONS,PUT,DELETE
Access-Control-Allow-Origin: http://192.168.1.10,http://192.168.1.10:7000
Access-Control-Expose-Headers: X-Auth
Content-Length: 0
Date: Fri, 01 Feb 2019 05:54:29 GMT
Error:
Access to XMLHttpRequest at 'http://192.168.1.10:8090/api/patient/logout' from origin 'http://192.168.1.10:7000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'http://192.168.1.10,http://192.168.1.10:7000', but only one is allowed.