Chrome HTTP OPTIONS (Preflight) Fails, but works in Postman

Question

I am building a SPA using AngularJS and .NET MVC/WebApi. I am having an issue with Chrome sending a pre-flight request for POST,PUT,DELETE operations (as it should), and getting a 404 response back from the server. The issue with this is that this request (with identical headers and HTTP method) is successful when using an API testing tool; Postman for this example.

Here is the request/response information through Chrome:

IIS Trace: 2015-12-22 16:18:01 127.0.0.1 OPTIONS /api/v1/sidebar v=1450801081939 443 - 127.0.0.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/47.0.2526.106+Safari/537.36 https://etk.localtest.me/ 404 0 0 6

And here is the same request in Postman:

IIS Trace: 2015-12-22 16:17:14 127.0.0.1 OPTIONS /api/v1/sidebar v=1449874981966 443 - 127.0.0.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/47.0.2526.106+Safari/537.36 - 200 0 0 7

I would believe that my CORS configuration is configured correctly given it works in Postman?

<httpProtocol>
  <customHeaders>
    <remove name="Access-Control-Allow-Origin" />
    <add name="Access-Control-Allow-Origin" value="*" />
    <remove name="Access-Control-Allow-Headers" />
    <add name="Access-Control-Allow-Headers" value="Content-Type, Accept, Authorization" />
    <remove name="Access-Control-Allow-Methods" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
  </customHeaders>
</httpProtocol>

Has anyone else experienced this issue before? Any solutions/fixes?

Answer 1

Preflight requests are created by the browser. From my experience Postman doesn't actually send a preflight request, so if anything is wrong with your CORS configuration, your API calls will work with Postman but not with Chrome.