AnsweredAssumed Answered

Multiple CORS header values

Question asked by Saurabh Deshpande on Jan 22, 2018
Latest reply on Jan 26, 2018 by Rory Hewitt

Has anybody encountered a scenario where request contains multiple values in Origin/Referer header?

We set CORS rules on Origin server playing back Origin / Referer values as Access-Control-Allow-Origin value. We seen CORS errors occurring on page as the ACAO had multiple values like "https://www.example.com, https://www.example.com" sometimes repeated thrice. Has anyone faced this problem and able to replicate which browser / code is causing this? We can replicate by modifying headers but not able to find true root cause what is causing this.

Outcomes