0

Hi,

I am working on a project to get feed from websync server. The server owner set Access-Control-Allow-Origin to * for testing purpose. However on trying to subscribe i am getting below error.

Access to XMLHttpRequest at 'http://IP/websync.ashx?token=11857997&src=js&AspxAutoDetectCookieSupport=1' from origin 'http://localhost:44371' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:44371, *', but only one is allowed.

I checked websync documentation and found that by default, WebSync responds to cross-origin resource sharing (CORS) requests by sending back appropriate values for the following headers.

WebSync Documentation

But still i don't know if i can fix the issue from client side.

Here is my sample javascript code

var client = new fm.websync.client("http://IP/websync.ashx");

client.connect({
  onSuccess: function(e)
  {
    writeLine("Connect success!");
  },
  onFailure: function(e)
  {
    writeLine("Connect failure.");
    writeLine(e.getException().message);
  },
  onStreamFailure: function(e)
   {
     writeLine("Stream failure.");
     writeLine(e.getException().message);
     writeLine("Reconnecting...");
   }
  });

var writeLine = function(text) {
var div = document.createElement('div');
div.innerHTML = text;
document.body.appendChild(div);};
Di Kamal
  • 173
  • 13
  • no you can't fix server-side issue from the client side. The owner needs to remove that extra * value, if the system is already going to add your origin into the header by default. As the error says, it's only valid to send back one value at a time for the allowed origin. – ADyson Jul 08 '20 at 13:43
  • The owner added only one value which is *. localhost header value is added i think by websync library it self as it changes based on requester IP. – Di Kamal Jul 08 '20 at 13:45
  • ok sure, you already explained that in the question. It doesn't change my advice. One of them needs to be removed before the header will be considered valid by the browser. This change needs to be made somewhere on the server, wherever it was configured in the first place. – ADyson Jul 08 '20 at 13:51

0 Answers0