I'm attempting to make a pretty straightforward fetch request to one of our business' APIs (back end running .NET Core 3.1/ASP Core MVC), and it's giving me an inconsistent result. If the length of the token value passed via a formdata field is greater than about 1000 characters, the request gets stopped with a CORS error (the pretty standard "has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource"), but below that length the request goes through without issue. Running on Chrome or on Firefox both give me a CORS error about missing this header value. There aren't any specific limits on input size set within the API itself or the IIS server it's running on, so I'm at a loss for what might be going on.
I'm assuming this is one of those times when a CORS error is really just masking something else going on. Is there something obvious I'm overlooking?
obj = {
data: {
idToken: "A".repeat(1200) // just for testing purposes
}
};
str = JSON.stringify(obj);
const fd = new FormData();
fd.append("token", str);
const BaseURL = "https://XXXX";
const url = `${BaseURL}/api/YYY/getLocations`;
fetch(url, {
method: 'post',
body: fd,
})
.then...
It turned out that the network appliance that handled requests to all of our externally visible API's was imposing a strict size limit on all incoming requests. Once that was lifted to a higher level, everything worked as expected.