AnsweredAssumed Answered

Multiple CORS header values

Question asked by Saurabh Deshpande on Jan 22, 2018
Latest reply on Jan 26, 2018 by Rory Hewitt

Has anybody encountered a scenario where request contains multiple values in Origin/Referer header?

We set CORS rules on Origin server playing back Origin / Referer values as Access-Control-Allow-Origin value. We seen CORS errors occurring on page as the ACAO had multiple values like "," sometimes repeated thrice. Has anyone faced this problem and able to replicate which browser / code is causing this? We can replicate by modifying headers but not able to find true root cause what is causing this.