I'm having a problem where by the cross origin requests from my Angular JS application work fine in Chrome but not in Firefox.

The error received in firefox is:

I can make requests successfully until I add an Authorization header to the request.

My server (ASP.Net Web API running on IIS) has the following headers set up:

Access-Control-Allow-Origin: https://www.domain.eu
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Authorization
Access-Control-Allow-Credentials: true

Firefox successfully pre-flights the request with an OPTIONS request. Looking through this I can see the sent Origin header is contained in the returned Access-Control-Allow-Origin header.

In fact, for some reason the returned Access-Control-Allow-Origin header has my domain name twice (despite specifying it once in config) e.g.

Access-Control-Allow-Origin: https://www.domain.eu, https://www.domain.eu

That aside what is the difference between Firefox and Chrome in this regard?

What else do I need to do so that this will work in Firefox?

UPDATE

I have noticed that if I set my headers as follows...