There are duplicate questions related to CORS. But none of the solutions worked for me.I am running my application on Openshift Cloud.I have installed cors npm package as middleware. This is the error.

'Access-Control-Allow-Origin' header contains multiple values 'http://evil.com/, *', but only one is allowed. Origin 'http://my-app-name.rhcloud.com' is therefore not allowed access.

Server Side Code

var app = express();
var server = require('http').Server(app);
var io = require('socket.io').listen(server);
var cors = require('cors');
app.use(cors());

//rest of the code

var server_port = process.env.OPENSHIFT_NODEJS_PORT || 8080;
var server_ip_address = process.env.OPENSHIFT_NODEJS_IP || '127.0.0.1';
server.listen(server_port, server_ip_address);

Client Side Code

var socket = io.connect('http://my-app-name.rhcloud.com:8000/',{
    'forceNew':true
});

I am using angularjs and express framework.

Have you installed a plugin to enable/disable cors on your browser? I did it and it was the origin of my problem. I uninstalled it and the 'http://evil.com' origin header was gone.

Try to turn off your browser extension for CORS.

I spent about 50 hours with this stupid issue with evil.com and finally I've got a solution. Author of CORS chrome extension did it on purpouse to get our attencion on dangers with cors. Just uninstall this garbage, and everything will work fine. Damn!

This issue is normally caused by the CORS plugin in chrome. Disabling the plugin should fix the issue for you.