Recently in dealing with the problem, cross-domain request to configure the HTTP response headers on IIS made a trusted source, but after the client request, through caught found in the response header access - control - allow - twice in origin, and not configured IIS allow - credentials, which means the red box of two values is not my configuration items,

Caught a screenshot


IIS configuration screenshot