Reputation: 1723
CORS and Internal Server Error responses
In ASP.NET WebApi2 if there is an internal server error, a 500 Response is sent without the Access-Control-Allow-Origin header, even when CORS is enabled.
This leads the browser to report a CORS error, not an internal server error.
I suppose a server in an erroneous state might not be able to report on the origins it will respond to so it seems to me like the browser should handle this exceptional case and report the internal error, rather than the CORS one.
A ) Is there a way to get the internal server error to show up in the browser as the reason my request failed?
B ) Should an issue be raised with the browser regarding this?
Upvotes: 4
Views: 2084
Answers (1)
Reputation: 19890
According to the CORS spec, the user agent (browser) should not reveal anything about the request if the response does not contain proper acknowledgement of the cross-origin request. So, the browsers are following the spec, and there is nothing more that can be done about this. If you want to programmatically reveal the underlying response status client-side, your server will need to properly acknowledge the cross-origin request by including the appropriate Access-Control-Allow header(s).
Upvotes: 6
Related Questions
- CORS header not being set for internal server error response ASP.NET Core 3.1
- CORS Server Settings for ASP.net?
- ASP.Net WEB API 2.0 - CORS
- 500 internal server error. CORS
- CORS and ASP.Net Web API
- Cors issues using sharepoint
- Issues with CORS in ASP.NET
- CORS issue on chrome & firefox
- CORS operation being canceled
- fiddler shows 200/OK response but jquery receives error in asp.net web api cors