Web API 2 CORS IIS Express Debug and No Access-Control-Allow-Origin header
Empty web.api project, install Microsoft.aspnet.webapi.cors 5.2.3, add
config.EnableCors();
to webapiconfig. make controller and action
public class HomeController : ApiController
{
[EnableCors("*" , "*" , "*")]
public async Task<string> Get()
{
return await Task.FromResult("omg");
}
}
Debug app and Load up fiddler and do a request to http://localhost:61939/api/Home
there are no CORS headers present. web.config contains:
<system.webServer>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
what am I missing? Why would this not insert an Access-Control-Allow-Origin header in all request to my Get method?
Also the answer of defining CORS in web.config isn't an answer ... At some point I will need to add origin checking and potentially even checking the HTTP Method something like:
if(requestContext.HttpMethod == "POST" && (origin == "https://someplace.com" || origin == "http://localhost"))
What you've done is enough to enable CORS, you can also enable CORS on all the controllers using this code :
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(cors);
I'm not sure how you're testing it, but note that only once the request contains the Origin header, it returns the Access-Control-Allow-Origin header in reponse. If you omit the origin header in the request, the response wouldn't contain the Access-Control-Allow-Origin.
- System.Web.Http is missing after a .NET 4.5 upgrade
- ASP.NET ASMX WebService custom namespace prefix; Building a dotnet service that communicates with both SOAP and REST services
- Parse ajax json response
- How do I return NotFound() IHttpActionResult with an error message or exception?
- GraphQL readiness for .net development
- Method userManager.FindByEmailAsync() returns object with empty UserName and Email
- Execute code before (EVERY) Web API action
- Supporting multiple languages in a REST API
- How update a list in a foreach
- FromBody string parameter is giving null
- Using HttpClient, send an Authorization token with no schema
- Modify odata results after query
- Best practice to return errors in ASP.NET Web API
- "You are debugging a release build" when debug is selected
- Can I use FlurlClient with Asp.Net Core TestServer?
- Pass Enum Parameter to WebApi method
- How to pass ODataQueryOptions to Mediator while allowing input for OData queries only in Swagger?
- How to return a file using Web API?
- How to invoke a NSwag client method that needs bearer token on request header?
- Web API add a Header parameter for all Endpoints in Swagger using NSwag+Owin
- Authorization has been denied for this request - New Web API Project
- Web Api How to add a Header parameter for all API in Swagger
- How do you know the WEB API version of your project?
- Is is safe to store access token in session storage of client browser?
- Save Changes of IConfigurationRoot sections to its *.json file in .net Core 2.2
- How to set large string inside HttpContent when using HttpClient?
- The 'Access-Control-Allow-Origin' header contains multiple values
- How Web API application start event get fired?
- How to resolve error: An unexpected 'StartArray' node was found when reading from the JSON reader. A 'StartObject' node was expected.?
- Return json with lower case first letter of property names