HTTP Post to Web API 2 - Options request received and handled no further request received

Question

I have a web application using MVC and AngularJS, which connects to a Web API 2 api, that I have set up in a separate project.

Currently I am able to retrieve information from the Api with no problems.

However when I try to do a HTTP Post I am getting no response, originally I was getting a problem with the pre-flight request failing, I have now handled this in my controller, however it does not send the proper request after it has got an OK message back.

I have included my code for the Angular Factory and the C# Controller in the API.

[EnableCors(origins: "*", headers: "*", methods: "*")]
public class RegisterController : ApiController
{
    public string Post()
    {

        return "success";
    }

    public HttpResponseMessage Options()
    {
        return new HttpResponseMessage { StatusCode = HttpStatusCode.OK };
    }
}


var RegistrationFactory = function($http, $q, ApiAddress) {
return function(model) {
   // $http.post(ApiAddress.getApiAddress() + '/Register/Post', model.ToString());

    $http({
        method: "POST",
        url: ApiAddress.getApiAddress() + '/Register/Post',
        data: model,
        headers: { 'Content-Type': 'application/json; charset=utf-8' }
    }).success(function(data) {
        $location.path("/");
    });
}
};

RegistrationFactory.$inject = ['$http', '$q', 'ApiAddress'];

Edit:

I am still not having any joy with this, however I tested in Internet Explorer and it works with no problems at all.

I have got it working in chrome by starting with web security disabled, however obviously this is not ideal as it will not work on a user PC with security enabled.

Answer 1

I see that you have done adaptation for CORS on the server side. But I cannot see any client side (javascript) adaptation. May be you should add the code below before calling the service.

$http.defaults.useXDomain = true;
delete $httpProvider.defaults.headers.common['X-Requested-With'];

Let me know if this fixes the issue. Worked for me in all scenarios :)

Answer 2

CORS requires a OPTIONS-preflight which has HTTP headers in its response that tell the browser whether it is allowed to access the resource.

E.g. HTTP Response Headers:

Access-Control-Allow-Headers: authorization
Access-Control-Allow-Origin: *

Because you have a custom Options handler in your C# controller, it seems those HTTP headers are not returned, stopping the browser to make the call after the preflight.

Avoid the Options method, and you should be good.

Answer 3

It's strange that your GETs work, but your POSTs don't.

I would recommend running the code in Google Chrome with web security enabled (so we can watch it go wrong) and with the F12 Developer Options shown.

Select the Network tab, run your code, and watch what happens when the POST is called.

Does your service return a "200 OK" status, or some other value ?

Does any kind of Response get returned ?

It might be worth trying this, and appending a screenshot of the results in your original question. It might help to identify the cause.

I am still not having any joy with this, however I tested in Internet Explorer and it works with no problems at all.

Btw, you don't have any single sign-on stuff setup in your company, do you ? We've had issues where IE works fine, but other browsers don't allow single sign-on. Just a thought...