您有任何选项设置到您的web.config文件为cors？即< add name =Access-Control-Allow-Originvalue =*/>

do you have any options set into your web.config file for cors ? i.e something like <add name="Access-Control-Allow-Origin" value="*"/>

如果是，请确保删除，并通过代码控制cors。

if yes make sure to remove that, and control the cors through the code only.

编辑这意味着你总是添加头到您的响应，无论请求命中的控制器，并且如果请求命中控制器与EnableCors属性，它将添加另一个头。如果你删除Application_BeginRequest（）中的一个，它应该工作，但这意味着你需要装饰所有其他控制器的EnableCors属性，这在你的情况下可能是可以接受的，否则，你需要添加一个DelegateHandler，你可以检查请求并根据所请求的控制器设置cors。请查看此 http：// georgedurzi .com / implementation-cross-browser-cors-support-for-asp-net-web-api / 它可能有助于从DelegateHandlers开始。希望有所帮助。

well, that means that you always add the header to your response, no matter which controller the request hits, and in case the request hits the controller with the EnableCors attribute it will add another header. If you removed the one in the Application_BeginRequest() it should work, however that means that you need to decorate all other controllers with EnableCors attribute, which maybe acceptable in your case, otherwise, you need to add a DelegateHandler where you can check the request and set the cors depending on the requested controller. have a look at this http://georgedurzi.com/implementing-cross-browser-cors-support-for-asp-net-web-api/ it may help start with DelegateHandlers. Hope that helps.