The ‘Access-Control-Allow-Origin’ header contains multiple values

[Origin]: https://stackoverflow.com/questions/37594403/the-access-control-allow-origin-header-contains-multiple-values

i’m trying to send get request to api like it’s a login url

var url = "http://demo.software.travel/gptp/api/authorization?apiKey=****&alias=****&login=****&password=****"
$.get(url, function(data) {
    console.log(data);
});

i’m getting this in my console this error

XMLHttpRequest cannot load http://demo.software.travel/gptp/api/authorization?apiKey=****&alias=****&login=****&password=****. 
The 'Access-Control-Allow-Origin' header contains multiple values 'http://travellights.net, *', but only one is allowed. 
Origin 'http://travellights.net' is therefore not allowed access.

i’m trying to see questions here to solve it but i didn’t get what i need to change, this is annoying actually.

The ‘Access-Control-Allow-Origin’ header contains multiple values

this solved by asp.net web.congif

By the way i’m using CHROME BROWSER any help i appreciate.

UPDATE response headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:origin, x-requested-with, Content-Type, accept, Token
Access-Control-Allow-Methods:GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS
Access-Control-Allow-Origin:http://travellights.net
Access-Control-Allow-Origin:*
Connection:close
Content-Encoding:gzip
Content-Type:application/json;charset=utf-8
Date:Thu, 02 Jun 2016 16:41:18 GMT
Server:nginx/1.1.19
Set-Cookie:JSESSIONID=51FEE1A1206B9B481DD3EEA4167A9256; Path=/gptp
Vary:Origin
Vary:Accept-Encoding
X-UA-Compatible:IE=EmulateIE7

Request Headers:

Accept:application/json, text/javascript, */*; q=0.01
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ar;q=0.6,en-GB;q=0.4
Connection:keep-alive
Host:demo.software.travel
Origin:http://travellights.net
Referer:http://travellights.net/b2b/Pages/login?
User-Agent:Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
shareedit

You are attempting to do Cross-origin resource sharing (CORS) which is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the resource originated. (such as accessing fonts or JSON files).

Browsers restrict your access to resources from other origins as of Same-origin policy as a security measure for internet users.

To get around this issue you have to options:

  1. allow CORS on the domain http://demo.software.travel (but there is are security concerns, more description about it here: https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet#Cross_Origin_Resource_Sharing)

Enable CORS on the server to be able to access other domains through. this can be done by adding the following headers to responses:

Access-Control-Allow-Origin: http://travellights.net Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
  1. if you are not granted resource sharing with that domain, you are allowed to use JSONP for read only operations (JSONP is inherently read-only)

JSONP wraps a JSON object in a callback, which technically makes the request a non-restricted resource (a script tag) hence can be shared across domains.

it can be done via vanilla js by adding a script tag onto the page.

function process(data) {
    // do stuff with JSON
}

var script = document.createElement('script');
script.src = '//domainURL?callback=process'

document.getElementsByTagName('head')[0].appendChild(script);

or you can use jquery to achieve the same:

$.ajax({enter code here
    url: "http://query.yahooapis.com/v1/public/yql",
    jsonp: "callback",
    dataType: "jsonp",
    data: {
        q: "select title,abstract,url from search.news where query=\"cat\"",
        format: "json"
    },
    success: function( response ) {
        console.log( response ); // server response
    }
});

jquery documentation: https://learn.jquery.com/ajax/working-with-jsonp/

shareedit

If you set “Full” CORS (with OPTION pre-request) on in nginx by add ‘access-control-allow-origin *’ and independently you add that header (for Simple CORS – without OPTION pre-request) to each response in SERVER (eg. php):

header('Access-Control-Allow-Origin', "*");

Then you will get this problem. Solution: remove code which add this header in server if already you add this header in your nginx config 🙂

I found this advice here

shareedit
Advertisements

Tech tip: How to do hard refresh in Chrome, Firefox and IE?

[Origin]: https://www.getfilecloud.com/blog/2015/03/tech-tip-how-to-do-hard-refresh-in-browsers/#.WguIZkqnGUl

Browser cache are useful for web browsing , but a real pain point for developers.

Modern day browsers nowadays cache every front end resource like javascript or CSS style sheets. They primarily do this to increase the website performance. But this can be really irritating while one is in development mode and constantly modifying the javascript or css style sheets. The only way to see the changes is by doing a hard refresh or clear the cache of the browser.

hard refresh is a way of clearing the browser’s cache for a specific page, to force it to load the most recent version of a page. Sometimes, when changes are made to the website, they don’t register immediately due to caching. A hard refresh will usually fix this, though occasionally completely clearing the cache is necessary.

How to do hard refresh on various browsers?

Chrome:

Quick hard refresh can be done by using the following short cut keys

Windows/Linux:

  1. Hold down Ctrl and click the Reload button.
  2. Or, Hold down Ctrl and press F5.
  3. just open the Chrome Dev Tools by pressing F12. Once the chrome dev tools are open, just right click on the refresh button and a menu will drop down. This menu gives you the option of doing a hard refresh, or even clearing the cache and do a hard refresh automatically.

Hardrefresh-chrome

Mac:

  1. Hold ⇧ Shift and click the Reload button.
  2. Or, hold down ⌘ Cmd and ⇧ Shift key and then press R.

 

Mozilla Firefox and Related Browsers:

Windows/Linux:

  1. Hold the Ctrl key and press the F5 key.
  2. Or, hold down Ctrl and ⇧ Shift and then press R.

Mac:

  1. Hold down the ⇧ Shift and click the Reload button.
  2. Or, hold down ⌘ Cmd and ⇧ Shift and then press R.

 

Internet Explorer:

  1. Hold the Ctrl key and press the F5 key.
  2. Or, hold the Ctrl key and click the Refresh button.

How in Chrome can you easily kill an infinite loop?

[Origin]: https://www.codeschool.com/discuss/t/how-in-chrome-can-you-easily-kill-an-infinite-loop/17580

This happens to me constantly. I’m checking out some code–sometimes stuff I’ve written frowning — and I freeze Chrome because the code has an unexpected infinite loop.

If it’s not chewing up too many resources, you can

  1. open up the devtools,
  2. click pause, which usually works,
  3. stop the code by changing it appropriately in the browser.

But that’s way too hard and time-consuming. There’s gotta be a stop-button type of way to do this.

Any ideas on how to better, more easily do this?

———————————————————-

Since Chrome uses individual tabs as processes, I just use Process Explorer (when I’m on Windows) to force end the browser tab with an infinite loop. It doesn’t close the browser and usually won’t affect any other tabs.

If you’d rather close the tab in native Chrome, you can use Shift+Esc to bring up the task manager (for Chrome) and end the tab there instead. I haven’t done this in a while, but it should still work.

Donovan

How can I enable Silverlight in Google Chrome 42+?

How to temporarily enable NPAPI plugins

If you must use a NPAPI plugin, there’s a temporary workaround that will work until Chrome version 45 is released later in 2015:

  1. Open Chrome.
  2. In the address bar at the top of the screen, type chrome://flags/#enable-npapi
  3. In the window that opens, click the link that says Enable under the Enable NPAPI flag:Enable NPAPI Flag Screenshot
  4. In the bottom left corner of the page, click the Relaunch Now button.

After the release of Chrome version 45, you’ll need to use an alternate web browser to load content that requires a NPAPI plugin.