I'm writing WCF services that will be used by clients out in the wild so they need to handle cross-origin requests. I have a problem with enabling my development server to accept such requests. Here is the scenario:
When I run the client project in IE there is no problem because IE does not send the preflight OPTIONS request. When I run it in Chrome however the preflight OPTIONS request returns a 405 Method Not Allowed and Chrome gives up on the service. Previous versions of Chrome would just ignore the error and continue with the actual POST request (or Get, whatever...) but later versions appear to be pickier.
I've also run into this with a deployed WCF project and solved it by moving the OPTIONSVerbHandler to the top of the Handler Mappings list in IIS.
I should point out that I'm using the most generous web.config settings I can think of to try to allow CORS. For instance I have this in the WCF project's configuration:
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By" />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="*" />
<add name="Access-Control-Allow-Methods" value="*" />
<add name="X-Powered-By" value="*" />
</customHeaders>
</httpProtocol>
Regardless, any client cross-origin requests to the WCF project running from code fail with the 405 error.
Any help setting up either the WCF project itself or IIS Express 8 to enable CORS?
Thanks!
The answer is that the configuration needed to enable WCF to accept CORS preflight messages has nothing to do with the IIS server; rather the WCF project itself needs to be configured to handle the HTTP request with OPTIONS verb.
Long story short: doing this is REALLY HARD. WCF is a jack of all trades when it comes to endpoints so setting it up to do something very specific with one (HTTP) is not advisable, although it can be done. The real solution is to use Web API, which is a master of HTTP and can be set up to do CORS very simply.