Dynamics Community Forum Thread Details

The 'Access-Control-Allow-Origin' header contains multiple values

Hello everyone

I am working on a Dynamics 365 CRM on premise system, version 9.1 with the latest updates (December 2023).

I have a custom website that makes AJAX call to the dynamics 365 system using its Odata web API to retrieve some data. This call fails in the browser. I have pasted the error message below. The error message says, as you can read that the 'Access-Control-Allow-Origin' header contains multiple values. And it is also true, I can see in the browser DevTools that the 'Access-Control-Allow-Origin' header is present in the response headers form my dynamics 365 system two times - first one with the value * (wild card) and the second is the one I have added for my custom website.

I have added the http response header for my custom website in IIS website of the dynamics 365. I do not know where the first one comes from - the one with the wild card. I haven't added that one. Can anyone help?

The error message I see in the browser dev tools is:

/Access to XMLHttpRequest at 'https://dynamics-server/ORG/api/data/v9.1/records?$filter=name%20eq%20%27%20someSearchTerm%20term%20A/S%27' from origin 'http://my-custom-site.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values '*, http://my-custom-site.com', but only one is allowed./

Quick Links