CODEWITHSUNDEEP
corsservicestack
lucuma
lucuma

Reputation: 18339

ServiceStack Javascript/Typescript client and CORS

According to the documentation, I believe this is the only line required to enable CORS:

Plugins.Add(new CorsFeature());

Then from a different website:

var client = new JsonServiceClient('https://my-app.azurewebsites.net');
client.get(new something());

Error returned is:

Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'.

There is no authentication, I'm using all the defaults, what is missing here in the setup for the JsonServiceClient to make a call to a different server?

Upvotes: 1

Views: 639

Answers (3)

Mher Arsh
Mher Arsh

Reputation: 597

I configured the service as mentioned above: 

Plugins.Add(new CorsFeature(
      allowCredentials: true,
      allowedMethods: "GET, POST, PUT, DELETE, OPTIONS",
      allowedHeaders: "Content-Type, Allow, Authorization, Origin",
      allowOriginWhitelist: new[]
             {
                    "http://localhost:4200",
                    "http://localhost:63342",
                    "http://localhost:63342",
                    "http://localhost:3000",
                    "http://my.site.com"
             }));

and I have 2 functions Login() and GetContacts()

class AppComponent {
***
      constructor(){
        this.client = new JsonServiceClient("http://my.site.com");
        this.client.credentials = "omit";
      }

      async Login(){

        var auth = new wbs.Authenticate();
        auth.UserName = this.username;
        auth.Password = this.password;

        var authResponse = await this.client.post(auth);

        console.log(authResponse);
      }

      async GetContacts(){
        try {
          this.contacts = await this.client.post("Contacts_Get");
          console.log(this.contacts);
        } catch(e) {
          this.contacts = [];
          console.log("Failed to get:", e.responseStatus);
        }
      }
}

"servicestack-client": "0.0.30",

I call these functions in turn:

1. Login()
2. ContactsGet()

The login runs fine, but in Internet explorere and Safari ContactsGet fails, it returns status 401, but works in Chrome.

Help please in what my error? Thanks!

enter image description here

enter image description here

enter image description here

UPDATE

IIS settings

enter image description here

Upvotes: 2

lucuma
lucuma

Reputation: 18339

The issue ended up being on the JsonServiceClient. I had to set the credentials to be omitted.

client.credentials="omit"

Upvotes: 3

Darren Reid
Darren Reid

Reputation: 2322

The default for the CorsFeature doesn't have allow credentials enabled. Try changing the server to the following.

Plugins.Add(new CorsFeature(allowCredentials: true));

The client will need to include credentials if you are trying to hit an endpoint that requires them to be sent.

EDIT: Given (I think) you are trying to git an authenticated endpoint from another domain, here is an example of what I use to do the same. Domains have been changed.

Plugins.Add(new CorsFeature(
    allowCredentials: true,
    allowedHeaders: "Content-Type, Allow, Authorization, Origin",
    allowOriginWhitelist: new[]
    {
        "https://example.com",
        "https://api.example.com",
        "https://www.example.com",
        "http://dev.example.com"
    }
));

Upvotes: 5

Related Questions