Michelle

Reputation: 231

Enable CORS on WebAPI appears not working from Postman

I'm trying to enable CORS for specific domains. I've followed everything they say to do on here:

https://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api

I enabled CORS on the WebApiConfig. I set the attribute on my controller class with each domain separated by commas. I also tried implementing my own ICorsPolicyProvider class. When I test the code on Postman it's always returning the values despite having a domain not on the list of origins as the origin. I've noticed that the headers returned do not include the Access-Control-Allow-Origin header. I'm using Microsoft.AspNet.WebApi Version 5.2.3. I can't figure out what I'm doing wrong.

Any and all help is greatly appreciated. Thank you.

Upvotes: 2

Views: 2204

Answers (1)

Ben Hall

Reputation: 1423

The client (browser or Postman) is responsible for enforcing CORS. The mechanics are such that when JavaScript attempts a cross-origin AJAX call, the browser will check if this is allowed.

Solution in your case: Try making the requests to the controller from JavaScript in a browser and you should see the behaviour you are expecting.

As a Chrome extension, Postman can make requests outside its origin: https://developer.chrome.com/extensions/xhr

Upvotes: 1
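
The behaviour described in the question and answer, as an added example that is not part of the original posts and is not ASP.NET Web API's own code: a simplified model of a simple (non-preflighted) GET in which the server omits `Access-Control-Allow-Origin` for an unlisted origin but still returns the data, a Postman-like client reads it anyway, and a browser-like client refuses to hand it to script. The origins, function names and response body are constructed for illustration.

```javascript
// Simplified model of a simple (non-preflighted) GET. All names and values
// here are constructed for illustration.
const API_ORIGIN = "https://api.example.com";
const ALLOWED_ORIGINS = ["https://app.example.com"];

// Server side: the origin list only decides whether the CORS header is
// added. The action still runs and the body is still sent.
function serverHandle(request) {
  const origin = request.headers.origin;
  const headers = { "content-type": "application/json" };
  if (origin && ALLOWED_ORIGINS.includes(origin)) {
    headers["access-control-allow-origin"] = origin;
    headers["vary"] = "Origin";
  }
  return { status: 200, headers, body: '["value1","value2"]' };
}

// Postman-like client: sends whatever Origin it is given, performs no CORS check.
function rawClientGet(origin) {
  return serverHandle({ method: "GET", headers: { origin } });
}

// Browser-like client: applies the CORS check before script may read the response.
function browserGet(pageOrigin) {
  if (pageOrigin === API_ORIGIN) {
    return serverHandle({ method: "GET", headers: {} }); // same-origin: no check
  }
  const res = serverHandle({ method: "GET", headers: { origin: pageOrigin } });
  const allow = res.headers["access-control-allow-origin"];
  if (allow !== "*" && allow !== pageOrigin) {
    throw new TypeError(`CORS: ${pageOrigin} is not allowed to read ${API_ORIGIN}`);
  }
  return res;
}

function demo() {
  const listed = "https://app.example.com";
  const unlisted = "https://other.example.net";
  let blocked = false;
  try { browserGet(unlisted); } catch (e) { blocked = e instanceof TypeError; }
  const raw = rawClientGet(unlisted);
  return {
    rawUnlistedBody: raw.body,
    rawUnlistedHasHeader: "access-control-allow-origin" in raw.headers,
    browserListedBody: browserGet(listed).body,
    browserUnlistedBlocked: blocked,
  };
}

console.log(demo());
```

In the model, as in the question, the handler runs for every caller, so the origin list does not keep a non-browser client from reading the data.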
