Search code examples
asp.net-web-apicorsydn-db

WebAPI2 - Cross Origin scripting issues

I'm trying to access my WebApi service in a framework called YDN-DB. It is a local storage type database. It allows you to load from a URL and I'm trying to do it using a Cross Origin call.

This is the code that creates the XMLHttpRequest and makes the call:

var xhr = new XMLHttpRequest();
xhr.open('GET', url, true);
var me = this;
xhr.onload = function(e) {
    var lines = xhr.responseText.split('\n');
    var documents = [];
    for (var i = 0; i < lines.length; i++) {
        var data = lines[i].split(';');
        if (data.length == 2) {
            for(i=0; i<data.length; i++) {
                // Here, I will be loading the records into the YDN-DB.
            }
        }
    }
    var msg = Documents.length + ' Documents loaded, indexing...';
    me.setStatus(msg);
    var i=0;
    var load = function(i) {
      var n = 50;
      me.db.put('Document', docs.slice(i, i + n)).then(function(keys) {
        i = i + n;
        if (i < docs.length) {
          this.setStatus(msg + ' ' + i);
          load(i);
        } else {
          this.setStatus(msg + ' done.');
        }
      }, function(e) {
        throw e;
      }, me);
    };
};
xhr.send();

I keep getting an error and I cannot figure out why.

XMLHttpRequest cannot load http://localhost:51946/api/Archive/c4020343622d57162cbdc11e603a49d93d64018e5c/1026697/1/10000/D. 
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8040' is therefore not allowed access.

This is my WebAPI function from my controller, I have CORS enabled and from the origin:

[HttpGet]
[ResponseType(typeof(List<string>))]
[Route("api/Archive/{LogonTicket}/{PID}/{MinRow}/{MaxRow}/{Direction}")]
[EnableCors("http://localhost:8040", // Origin
            "Accept, Origin, Content-Type, Options",                                // Request headers
            "GET",                                                                  // HTTP methods
            PreflightMaxAge = 600                                                   // Preflight cache duration
)]
public object Archive(string LogonTicket, int PID, int MinRow, int MaxRow, string Direction)
{
    if (svc.ValidateTicket(LogonTicket, PID))
    {
        List<string> e = mp.GetArchiveJson(PID.ToString(), MinRow, MaxRow, Direction);
        return e;
    }
    else
    {
        throw new AuthenticationException("Invalid LogonTicket");
    }
}

Any ideas?? Do I need to add a second call to the XMLHttpRequest?

Solution

  • Be sure to follow all steps in the documentation regarding "Enable CORS". There's 3 things necessary:

    1. Install the NuGet package. Install-Package Microsoft.AspNet.WebApi.Cors
    2. Enable CORS on the HttpConfiguration. Typically this is in a static method: Register(HttpConfiguration config), include a call to config.EnableCors().
    3. Decorate your controllers or methods with the EnableCors attribute, e.g. [EnableCors(origins: "http://mywebclient.azurewebsites.net", headers: "*", methods: "*")]

    Given your example use of the EnableCors attribute, it's clear you've got #3, which has #1 as a pre-requisite, so you've also got that. Looks like you've missed #2.