CODEWITHSUNDEEP
jqueryajaxcorsasp.net-web-api
Ben Power
Ben Power

Reputation: 1875

JQuery Ajax POST to Web API returning 405 Method Not Allowed

So I have a jquery ajax request like this:

    function createLokiAccount(someurl) {
    var d = {"Jurisdiction":17}

        $.ajax({
                type: "POST",
                url:"http://myserver:111/Api/V1/Customers/CreateCustomer/",
                data: JSON.stringify(d),
                contentType: "application/json; charset=utf-8",
                dataType: "json",
                success: function(data){alert(data);},
                failure: function(errMsg) {
                    alert(errMsg);
                }
            });
    }

This is hitting my web api which is basically:

    [HttpPost]
    public CreateCustomer.Response CreateCustomer(CreateCustomer.Request request)
    {
        HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", "*");
    ...

Which when I call it in Chrome gives me:

OPTIONS http://myserver:111/Api/V1/Customers/CreateCustomer/ 405 (Method Not Allowed) 
No 'Access-Control-Allow-Origin' header is present on the requested resource.

When I do the POST request from Fiddler it includes "Access-Control-Allow-Origin: *" in the response header as it should, which would suggest the API is configured correctly, yet the (from Fiddler) the jquery request looks like:

OPTIONS http://myserver:111/Api/V1/Customers/CreateCustomer/ HTTP/1.1 Host: myserver:111 Connection: keep-alive Access-Control-Request-Method: POST Origin: http://localhost:6500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 Access-Control-Request-Headers: accept, content-type Accept: / Referer: http://localhost:6500/Home/Replication?interval=1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,en-GB;q=0.6,it-IT;q=0.4,it;q=0.2

So why is my POST request getting turned into an OPTIONS request?

Upvotes: 2

Views: 21831

Answers (1)

Alexey Avdeyev
Alexey Avdeyev

Reputation: 609

First of all, you're adding only one header, but there is at least three of them you needed:

"Access-Control-Allow-Origin", "*"

"Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"

"Access-Control-Allow-Headers", "Content-Type, Accept"

Secondly, in case if you need CORS only for one method in certain controller, the way you're adding headers is ok. But in common it's not right.

ASP.NET 5 with Web API 2 offers CORS library.

But if you're using Web API, I can offer solution (not truly proper, but working). Just add (in Global.asax) to every request required headers

protected void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
    if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
    {
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
        HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
        HttpContext.Current.Response.End();
    }

}

Upvotes: 3

Related Questions