BotanMan
Reputation: 1417
401 Unauthorized status code for cross-domain OPTIONS request
I use cross-domain requests for Angularjs + MVC WebAPI, in the case browser sends two requests first of them with OPTIONS type but i get 401 status code: http://grab.by/vrsA
I added Access-Control-* attributes to WebApi web.config file:
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
<remove name="X-AspNet-Version"/>
<add name="Access-Control-Allow-Origin" value="*"/>
<add name="Access-Control-Allow-Headers" value="content-type, accept, authorization, origin, referer, user-agent, x-token"/>
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS"/>
</customHeaders>
</httpProtocol>
so, can somebody explain my why?
Upvotes: 0
Views: 3276
Answers (1)
lalatnayak
Reputation: 170
The preflight (OPTIONS) request is sent without any security headers. You'll need to make sure that your webserver allows anonymous OPTIONS requests
Upvotes: 1
Related Questions
- I get a cross-origin error when making a HTTP requests
- AngularJS + ASP.NET Web API Cross-Domain Issue
- xmlhttprequest cannot load no 'access-control-allow-origin' only with post method (Angularjs)
- Angularjs application fail POST method to cross domain
- Cross origin post request from Angular get blocked by ASP Web API
- Angular $http to Web Api gives error of XMLHttpRequest -No 'Access-Control-Allow-Origin' header is present on the requested resource
- How to enable Cross Domains in ASP.NET Web api + Angular
- Cross domain issue in calling a restful API using Angular JS
- AngularJS performs an OPTIONS HTTP request for a cross-origin resource => error 401
- Unable to perform cross domain request in ASP.Net