Reputation: 7826
I've followed the usual steps for enabling CORS in Web API, but I get a 404 response to an OPTIONS request in Chrome, and in Firefox I get "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.mydomain.com/api/1/widgets. This can be fixed by moving the resource to the same domain or enabling CORS."
In my WebApiConfig.cs I've got:
    var enableCorsAttribute = new EnableCorsAttribute("*", "*", "*");
    config.EnableCors(enableCorsAttribute);
I've also tried adding EnableCors attributes to the specific controllers or actions and all have the same result.
I've also added the following to my web.config:
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule" />
    </modules>
    <handlers>
      <remove name="WebDAV" />
      ...
Here is my javascript:
    $.ajax({
        url: 'https://api.mydomain.com/api/1/widgets',
        type: "GET",
        headers: {
            Accept: "text/html; charset=utf-8",
            Authorization: 'Bearer ???????????????????????????????'
        }
    });
But the response is 404 in Chrome and "Cross-Origin request Blocked" in Firefox.
Here are the details of the failing request from my chrome developer toolbar:
    Remote Address: ??.???.???.???:443
    Request URL: https://api.mydomain.com/api/1/widgets
    Request Method: OPTIONS
    Status Code: 404 Not Found

Request

    OPTIONS /api/1/widgets HTTP/1.1
    Host: api.mydomain.com
    Connection: keep-alive
    Access-Control-Request-Method: GET
    Origin: http://myotherdomain.com
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
    Access-Control-Request-Headers: accept, authorization
    Accept: */*
    Referer: http://myotherdomain.com/
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: en-GB,en;q=0.8,en-US;q=0.6

Response

    HTTP/1.1 404 Not Found
    Pragma: no-cache
    Content-Type: text/html; charset=utf-8
    Access-Control-Allow-Origin: http://myotherdomain.com
    Access-Control-Allow-Credentials: true
    X-AspNetMvc-Version: 5.0
    X-UA-Compatible: IE=edge,chrome=1
    X-Frame-Options: SAMEORIGIN
    Cache-conrol: no-store
    Date: Thu, 28 Aug 2014 16:00:28 GMT
    Content-Length: 341

What am I missing?
Upvotes: 8
Views: 12524
Reputation: 7826
In case anyone else has the same problem, this issue was due to the fact that we were using Microsoft's excellent UrlScan in IIS.
UrlScan has an AllowVerbs section and a DenyVerbs section. Ensure that the OPTIONS verb is allowed.
Upvotes: 10
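The failing preflight from the question, replayed through a simplified version of the browser's CORS check, as an added example that is not part of any post on this page. `checkPreflight` and the `fixed` response are constructed for illustration; the point is that a non-2xx answer to OPTIONS blocks the GET even when `Access-Control-Allow-Origin` is present.

```javascript
// Added example: simplified browser-side CORS preflight check (not the full Fetch algorithm).
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]); // value limits ignored
const list = v => (v || "").split(",").map(t => t.trim()).filter(Boolean);

// req/res: { status, headers } with lower-cased header names. Returns the reasons a browser
// would block the request; an empty array means the preflight passes.
function checkPreflight(req, res, withCredentials = false) {
  const problems = [];
  const h = res.headers;
  if (res.status < 200 || res.status > 299)
    problems.push(`preflight status ${res.status} is not 2xx`);

  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== req.headers["origin"] && !(allowOrigin === "*" && !withCredentials))
    problems.push("Access-Control-Allow-Origin does not match the Origin header");
  if (withCredentials && h["access-control-allow-credentials"] !== "true")
    problems.push("credentialed request without Access-Control-Allow-Credentials: true");

  const method = req.headers["access-control-request-method"];
  const methods = list(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.has(method) && !methods.includes(method) && !(methods.includes("*") && !withCredentials))
    problems.push(`method ${method} not listed in Access-Control-Allow-Methods`);

  const allowed = list(h["access-control-allow-headers"]).map(n => n.toLowerCase());
  for (const name of list(req.headers["access-control-request-headers"]).map(n => n.toLowerCase())) {
    if (SAFE_HEADERS.has(name)) continue;
    // Per the Fetch standard, "*" never covers Authorization; it must be listed by name.
    const wildcard = allowed.includes("*") && !withCredentials && name !== "authorization";
    if (!allowed.includes(name) && !wildcard)
      problems.push(`header ${name} not listed in Access-Control-Allow-Headers`);
  }
  return problems;
}

// Preflight request as captured in the question.
const preflight = { headers: {
  "origin": "http://myotherdomain.com",
  "access-control-request-method": "GET",
  "access-control-request-headers": "accept, authorization" } };
// The 404 response from the question (CORS-relevant headers only).
const blocked = { status: 404, headers: {
  "access-control-allow-origin": "http://myotherdomain.com",
  "access-control-allow-credentials": "true" } };
// Constructed sample: a preflight response that passes once OPTIONS reaches Web API.
const fixed = { status: 200, headers: { ...blocked.headers,
  "access-control-allow-methods": "GET",
  "access-control-allow-headers": "accept, authorization" } };

console.log(checkPreflight(preflight, blocked));
console.log(checkPreflight(preflight, fixed));
```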
Reputation: 403
    using System.Net.Http;
    using System.Web.Http;
    using System.Web.Http.Cors;
    using System.Web.Http.Routing;

    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // Allow cross-origin calls from this one origin, with any header and any method.
            var corsAttr = new EnableCorsAttribute("http://localhost:3000", "*", "*");
            config.EnableCors(corsAttr);
            // GuidConstraint is not shown in this answer; it is assumed to be a custom route constraint.
            config.Routes.MapHttpRoute("DefaultApiWithId", "Api/{controller}/{id}", new { id = RouteParameter.Optional }, new { id = new GuidConstraint() });
            config.Routes.MapHttpRoute("DefaultApiWithAction", "Api/{controller}/{action}");
            config.Routes.MapHttpRoute("DefaultApiGet", "Api/{controller}", new { action = "Get" }, new { httpMethod = new HttpMethodConstraint(HttpMethod.Get) });
            config.Routes.MapHttpRoute("DefaultApiPost", "Api/{controller}", new { action = "Post" }, new { httpMethod = new HttpMethodConstraint(HttpMethod.Post) });
            // Route OPTIONS (preflight) requests to an "Options" action.
            config.Routes.MapHttpRoute("DefaultApiOptions", "Api/{controller}", new { action = "Options" }, new { httpMethod = new HttpMethodConstraint(HttpMethod.Options) });
        }
    }

The last line can solve the issue for .NET Web API.
Upvotes: 0