Encountered the following error when running my website:
Failed to load http://localhost:54721/api/Auth/GetMenuItemsByRoleId/null: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:4200, *', but only one is allowed. Origin 'http://localhost:4200' is therefore not allowed access
To resolve this issue, I have added the following code in every controller, which has been effective.
[EnableCors("http://localhost:54721/", "*", "*")]
This approach fixed the error, however applying it in each controller is not ideal.
Is there a more efficient solution that can be implemented in one place, like the web.config file?
The startup.cs file looks like this:
public partial class Startup
{
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
public void Configuration(IAppBuilder app)
{
HttpConfiguration httpconfig = new HttpConfiguration();
WebApiConfig.Register(httpconfig);
//enable CORS for origin requests
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
ConfigureOAuth(app);
}
public void ConfigureOAuth(IAppBuilder app)
{
double timeout = Convert.ToDouble(ConfigurationManager.AppSettings["Timeout"].ToString());
OAuthAuthorizationServerOptions OAuthserverOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(10),
Provider = new SimpleAuthorizationServerProvider()
};
//Token generation
app.UseOAuthAuthorizationServer(OAuthserverOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}