I created a WebService in C#. All GET methods are working without any problems.
Now I need to provide some POST methods. When calling it via C# it works without any problems. Then I tried to write a small html page with JavaScript to call my methods. But there I get a CORS error ("Preflight channel did not succeed").
I already added the following part to my web.config file:
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="*" />
<add name="Access-Control-Allow-Methods" value="*" />
</customHeaders>
Sadly it is still not working. What am I doing wrong?
So what you have here is not really a valid way to handle CORS requests. The problem is that this will add the CORS headers to all responses, but browsers will use an OPTIONS request in order to check for CORS headers. This would work if you also implement OPTIONS requests for all of your API end points.
The better option is to use one of the CORS frameworks, such as this one: Enabling Cross-Origin Requests in ASP.NET Web API 2 for ASP.NET WebAPI 2. This type of framework will intercept the OPTIONS request for you and supply the appropriate response without the need for you to manually create 2 routes per endpoint.
Related
Error:
Access to XMLHttpRequest at 'http://localhost:7078/websync.ashx?token=1&src=js&AspxAutoDetectCookieSupport=1' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:4200, *', but only one is allowed.
Goal:
Be able to send a variable from SiteA to SiteB.
(SiteB hosts an iframe that appears on SiteA. SiteA hosts the angular and asp.net webapi. SiteB is the chatserver)
These are the current settings. Do I need both the web.config and the global.asax.cs file? What specifically is causing the error above from my setup?
It is my understanding that this happens when it's set in more than one place. Is having it in the web.config and the asax.cs causing that?
I've been through a lot of documentation about HttpResponse as well as CORS but feel like i'm missing a few pieces here:
SiteA\Web.config:
<add name="Access-Control-Allow-Origin" value="*" />
SiteA\Global.asax.cs:
response.AddHeader("Access-Control-Allow-Headers", "access-control-allow-origin,accept,x-api-applicationid,content-type,authorization");
SiteB\Web.config:
<add name="Access-Control-Allow-Origin" value="*" />
I believe you are missing the Access-Control-Allow-Methods in the response from the server. While not required for CORS requests in general, I believe that header is required for preflight-type CORS requests, e.g. https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
Add this header to your web.config:
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" /> //limit this to methods you want to allow CORS on
You should see that your preflight requests are sending an Access-Control-Request-Method which should be one of the methods allowed by Access-Control-Allow-Methods for the preflight to work.
I'm not a backend developer, so I apologize ahead of time if I do not provide enough information. I am just trying to find some resources that will help my backend developer understand what I am trying to do.
I am trying to make an AJAX GET request to an rss feed inside of web application that was built using ASP.NET Web Forms. However, the request gets blocked because of Cross Origin Security. I want to enable CORS for the route that is associated with our RSS feed (/page/rss/{id}).
I was able to enable CORS in our webconfig using:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" values="*" />
<add name="Access-Control-Allow-Methods" values="GET" />
<add name="Access-Control-Allow-Headers" values="Content-Type" />
</customHeaders>
</httpProtocol>
But, that enables it for the entire project which is not what I want. Our routes are defined in an XML file like this:
<namespace.routing>
<routings>
<route name="publishedPage" url="page/{PageName}" page="~/Default.aspx" />
</routings>
<defaults>
<default url="http://blog.example.com" domain="example.com" page="page/homepage" />
</defaults>
</namespace.routing>
So, how would one go about enabling CORS on a specific path in ASP.NET Web Forms? If someone could point me in the direction of some resources that would help us that would be great. If you need anymore information I'm happy to provide it. Thanks!
I'm not sure how you are returning your rss endpoint, but if you have access to the HttpContext object, you can use it to supply the CORS headers directly.
HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", "*");
HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Methods", "Get");
HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Headers", "Content-Type");
Depending on how old your app is, you might need to use AddHeader instead of AppendHeader.
I'm beginner in Angular 2. I'm creating Angular project using Angular CLI. I'm separately creating asp.net MVC Web api project.
Using angular CLI to ng serve command start this service: localhost:4200
MVC web api start this service: localhost:65320
When i use Angular http get request to download data from localhost:65320/api/myservice, Cross origin problem occurred. Because angular project using different url. But i'm adding header to Access-Control-Allow-Origin=* problem solved.
But when i use http post request always return 405 method not allowed problem occurred
Question:
How to allow cross origin post request in web api controller?
Or how to configure Angular CLI created project work together with MVC project?
Correct Answer:
Web api cross origin problem solved following this article:
https://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api#enable-cors suggest by #chandermani
You can enable CORS in Web API in two different ways:
Using Microsoft.AspNet.WebApi.Cors: follow tutorial https://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api as Chandermani pointed out.
Add the following to your system.webServer element in your web.config:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
I'm building an internal application for work that uses AngularJS, WebAPI, and Windows Authentication. The Angular client and the WebAPI are different projects, which will run on two seperate ports on my local machine.
I enabled CORS in Web.config of the API project using the following:
<httpProtocol>
...
<customHeaders>
<add name="Access-Control-Allow-Origin" value="http://localhost:#PORTOFCLIENT#" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
<add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>
</httpProtocol>
I can make GET requests just fine; the problem is when I try to save an object using POST:
function updateFoo(foo) {
return $http.post(baseUrl + "/api/foos", foo, { withCredentials: true })
.then(updateFooComplete)
.catch(updateFooFailed);
...
}
I receive the following errors in Chrome:
OPTIONS http://localhost:#PORTOFWEBAPI#/api/foos
XMLHttpRequest cannot load http://localhost:#PORTOFWEBAPI#/api/foos. Response for preflight has invalid HTTP status code 401
After a little Googling, I found this response mentioning the fact that the OPTIONS request shouldn't be authenticated.
How do I prevent OPTION requests from being authenticated by WebAPI? Am I missing something?
I get an error on any OperationContract with POST: 405 method not allowed
GET work just fine. I've tried it on local and remote server with the webserver e.g. localhost/myPostMethod/myParam
I host the service like these :
RouteTable.Routes.Add(
new ServiceRoute(#"Default",
new CustomWebServiceHostFactory(),
typeof(DefaultService)));
(i use the webHttpBinding inside my CustomWebServiceHostFactory)
Can not change any settings inside IIS on my remote server. I think it's not necessary ether. Seems like the problem is somewhere inside my code.
Tried many thinks and i'm a little bit desperate right now. Would be very happy about any suggestions.
Added header... Solved.
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Methods" value="GET, POST" />
</customHeaders>
</httpProtocol>
</system.webServer>