nick zoum

Reputation: 7285

JavaScript XMLHttpRequest with credentials to ASP.NET API

I am trying to do a POST request with withCredentials = true, but I get a CORS error in the console after sending the request.

This is the Controller I am trying to reach:

[RoutePrefix("Account")]
public class AccountController : ApiController;

This is the Action I am trying to reach:

[HttpPost]
[Route("Login")]
public IHttpActionResult Login(LoginDto dto);

I have added this line in WebApiConfig:

config.EnableCors(new EnableCorsAttribute("http://localhost", "*", "*"));

And here is what I use to do POST requests with JavaScript:

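function createCORSRequest(method, url) {
    var xhr = new XMLHttpRequest();
    // Feature-detect before assigning: testing the property after setting it is always true
    if ("withCredentials" in xhr) {
        xhr.open(method, url, true);
        // Send cookies / HTTP auth with the cross-origin request
        xhr.withCredentials = true;
    } else if (typeof XDomainRequest != "undefined") {
        // Legacy IE fallback
        xhr = new XDomainRequest();
        xhr.open(method, url);
    } else {
        // CORS is not supported
        xhr = null;
    }
    return xhr;
}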

function post(url, data) {
    return new Promise(
        function httpPromise (resolve, reject) {
            var request = createCORSRequest("post", url);
            if (request) {
                request.setRequestHeader('Accept', 'application/json');
                request.setRequestHeader('Content-Type', 'application/json');
                request.onloadend = function (progress) {
                    var status = request.status;
                    var result = JSON.parse(request.response || "null");
                    if (status >= 200 && status < 300) resolve(result);
                    else reject(result ? result.Message || result : result);
                };
                request.send(data);
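            } else {
                // No CORS-capable transport: settle the promise instead of leaving it pending
                reject("CORS is not supported by this browser");
            }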
        });
}

Below is the Error Message that appears in the console.

XMLHttpRequest cannot load http://localhost:54368/Account/Login. Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'http://localhost' is therefore not allowed access. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

Upvotes: 2

Views: 1320

Answers (1)

sideshowbarker

Reputation: 88036

You need to specify SupportsCredentials = true in your config.EnableCors(…) call:

config.EnableCors(new EnableCorsAttribute("http://localhost", "*", "*")
{ SupportsCredentials = true }); 

Upvotes: 1
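
The check behind the console error, as an added example that is not part of the original question or answer: a simplified model of how a browser validates a preflight response when the request's credentials mode is 'include', including the rule that wildcards are rejected in that mode. The function names, field names and sample headers are constructed for illustration.

```javascript
// Added example: simplified model of the browser's CORS check on a preflight
// response. Function and field names are hypothetical.
function fail(reason) { return { ok: false, reason: reason }; }
function lower(s) { return s.trim().toLowerCase(); }
function list(v) { return v ? v.split(",").map(lower) : []; }

function checkPreflight(req, resHeaders) {
    var h = {}; // header names are case-insensitive
    Object.keys(resHeaders).forEach(function (k) {
        h[k.toLowerCase()] = String(resHeaders[k]).trim();
    });
    var withCreds = req.credentials === "include"; // xhr.withCredentials = true
    var allowOrigin = h["access-control-allow-origin"];

    if (allowOrigin === undefined) return fail("Access-Control-Allow-Origin missing");
    if (allowOrigin === "*") {
        if (withCreds) return fail("wildcard origin is rejected with credentials");
    } else if (allowOrigin !== req.origin) {
        return fail("origin mismatch");
    }
    // The check that fails in the question.
    if (withCreds && h["access-control-allow-credentials"] !== "true") {
        return fail("Access-Control-Allow-Credentials must be 'true'");
    }
    // POST is a CORS-safelisted method, so only the headers need checking here.
    var allowed = list(h["access-control-allow-headers"]);
    // With credentials, "*" is a literal header name, not a wildcard.
    var wildcard = !withCreds && allowed.indexOf("*") !== -1;
    var missing = req.unsafeHeaders.map(lower).filter(function (n) {
        return !wildcard && allowed.indexOf(n) === -1;
    });
    if (missing.length) return fail("header not allowed: " + missing.join(", "));
    return { ok: true, reason: "" };
}

// Constructed sample: the question's request. Content-Type: application/json is
// not CORS-safelisted, so the preflight must allow it.
var request = { origin: "http://localhost", credentials: "include",
                unsafeHeaders: ["Content-Type"] };
// Constructed response headers, without and with the credentials header.
var before = { "Access-Control-Allow-Origin": "http://localhost",
               "Access-Control-Allow-Headers": "content-type" };
var after = Object.assign({}, before, { "Access-Control-Allow-Credentials": "true" });

console.log(checkPreflight(request, before));
console.log(checkPreflight(request, after));
```

Because wildcards stop working once credentials are involved, a credentialed endpoint should name the exact origins it trusts rather than reflect whatever Origin header arrives.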