Reason: Multiple CORS header ‘Access-Control-Allow-Origin’ not allowed
What went wrong?
More than one
Access-Control-Allow-Origin header was sent by the server. This isn't allowed.
Fortunately, as long as you have access to the server's configuration, fixing this is easy. The
Access-Control-Allow-Origin header supports multiple origins, separated by commas, like this:
Access-Control-Allow-Origin: https://mozilla.org, https://google.com, https://microsoft.com, https://apple.com
This would allow CORS requests from Mozilla, Google, Microsoft, and Apple's domains.
All you need to do is combine multiple
Access-Control-Allow-Origin headers into a single one, with commas separating the origins gathered from each copy of the header.