CORS error between Web Api 2 & Angular

Question

I have two servers: App & Web, App is hosting a web api 2 API secured by OWIN, Web is an Angular 1.6 application that calls the api.

My headers look like this:

Request:

Host: app
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization
Origin: http://mysite
Connection: keep-alive

Response:

Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: *
Allow: GET
Content-Length: 83
Content-Type: text/html; charset=utf-8
Date: Tue, 11 Apr 2017 16:41:04 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET

I've opened up my web.config to include:

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Methods" value="*" />
    <add name="Access-Control-Allow-Headers" value="*" />
  </customHeaders>
</httpProtocol>

I also have:

config.EnableCors(new EnableCorsAttribute("*", "*", "*"));

My error is:

Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘(null)'

What am I missing here and how do I make the CORS error go away?

Answer 1

Of course shortly after posting the question, I figured it out: my issue was two fold:

I needed to remove

config.EnableCors(new EnableCorsAttribute("*", "*", "*"));

from WebApiConfig.cs

And then in Startup.cs

I needed to move

app.UseCors(CorsOptions.AllowAll);

To the top.

The web.config section was also safely removed at that point.

Credit to: Dreaded CORS issue with WebAPI and token