Has anybody encountered a scenario where request contains multiple values in Origin/Referer header?
We set CORS rules on Origin server playing back Origin / Referer values as Access-Control-Allow-Origin value. We seen CORS errors occurring on page as the ACAO had multiple values like "https://www.example.com, https://www.example.com" sometimes repeated thrice. Has anyone faced this problem and able to replicate which browser / code is causing this? We can replicate by modifying headers but not able to find true root cause what is causing this.