Reputation: 119
I have a web client that consumes web api. this is my request:
let peticion = {
attr1: "0000000047",
attr2: "070101201"
};
$.ajax({
type: "POST",
url:"http://161.168.1.33:1210/api/Trabajador/ElTrabajadorYaHaSidoRequeridoEnEsteLocal",
data: JSON.stringify(peticion),
contentType: "application/json; charset=utf-8",
crossDomain: true,
dataType: "json",
success: function (data, status, jqXHR) {
},
error: function (jqXHR, status) {
}
}).then(function (respuesta) {
});
Cors is enabled in the API CONTROLLER, as far i know, that code line enables everything (*) but It is working only for simple request, not for preflighted requests.
[EnableCors(origins: "*", headers: "*", methods: "*")]
so I get the next two errors:
OPTIONS http://161.168.1.33:1210/api/Trabajador/ElTrabajadorYaHaSidoRequeridoEnEsteLocal 404 (Not Found)
http://161.168.1.33:1210/api/Trabajador/ElTrabajadorYaHaSidoRequeridoEnEsteLocal: Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'http://localhost:51939' is therefore not allowed
access.
There is not anything forbidden in http verbs in IIS.
Am i missing something? why is the web api not handling preflighted requests?
Upvotes: 2
Views: 10681
Reputation: 715
I am using PHP with IIS, and in my case the PHP custom framework was handling the OPTION request but the request was not reaching the PHP script.
Here are some parts of web.config which changed this:
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<!--add name="Access-Control-Allow-Origin" value="*" /-->
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Content-Type,app-code,auth-token,myapp-handle-errors-generically" />
</customHeaders>
so commenting the Access-Control-Allow-Origin, and allowing the OPTIONS to be executed on the PHP script:
<handlers>
<remove name="PHP_via_FastCGI" />
<add name="PHP_via_FastCGI" path="*.php" verb="GET,HEAD,POST,PUT,DELETE,OPTIONS" modules="FastCgiModule" scriptProcessor="C:\Program Files\PHP\v7.0\php-cgi.exe" resourceType="Either" requireAccess="Script" />
</handlers>
</system.webServer>
Upvotes: 0
Reputation: 615
You may still need to remove the default IIS OPTIONSVerbHandler
, then add the OPTIONS
verb to appropriate handler(s) to allow the requests to get to your api.
ie your web.config
file will need to be edited along the lines of
<system.webServer>
<handlers>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit"/>
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit"/>
<remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
<remove name="OPTIONSVerbHandler"/>
<add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0"/>
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0"/>
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
</handlers>
</system.webServer>
be mindful of what verbs you use and to use the correct aspnet_isapi.dll for you.
Upvotes: 1
Reputation: 119
I have just solved it by setting in webconfig
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Methods" value="*" />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="*" />
</customHeaders>
and removing this line:
<!--<remove name="OPTIONSVerbHandler" />-->
Anyway, when I remove those customs headers from the webconfig and I add [EnableCors(origins: "*", headers: "*", methods: "*")]
in the Api Controller, I get just one error :
Failed to load http://192.168.1.33:1210/api/Trabajador/ElTrabajadorYaHaSidoRequeridoEnEsteLocal: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:51939' is therefore not allowed access.
I still don't understand what the difference is between enabling cors from the Api controller or from the webconfig
Upvotes: 3