Search code examples
jqueryasp.netasp.net-mvccorsweb-config

JQuery GET request returns missing CORS origin

OK, I have 3 servers that need to communicate together for a GET request. But I keep getting the origin is missing error, I can see the information that I want to receive in postman (so I know that my url's and passing on information works).

  1. Server with a public website from which the request starts (JQuery), this is on a different domain then the next 2 servers.
  2. Security server with application, to make sure that the database doesn't have a direct link with the public website.
  3. Server with the same as server 2 application + main application & database (I have been made aware that this server is irrelevant for cors)

JQuery 

function GetData(nummer, insz) {
    showLoader(true);
    var func = function (host) {
        $.ajax({
            type: "GET",
            url: host + "/api/GetList/" + number + "/" + version + "/" + typeId + "/" + extraPriority,
            error: function () { alert('ERROR'); showLoader(false); showEmptyTableMessage(true); }
        }).then(function (data) {
            drawTable(data);
            showLoader(false);
        });
    };

    func(URLTOSERVER);

    FindServerUrlAsync(func);
}

function FindServerUrlAsync(callback) {
    $.ajax({
        type: "GET",
        url: "/settings/ServerType"
    }).then(function (serverType) {
        var isDmz = (serverType === 'Dmz');
        if (isDmz) {
            $.ajax({
                type: "GET",
                url: "/settings/ServerUrl"
            }).then(function (serverUrl) {
                callback(serverUrl);
            });
        } else {
            callback("");
        }
    });
}

The second server goes into a asp.net application controller (mvc) that uses an async request from an httpclient from the database.

web.config

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />
  </customHeaders>
</httpProtocol>

ASP.NET Startup

var corsBuilder = new CorsPolicyBuilder();
corsBuilder.AllowAnyHeader();
corsBuilder.AllowAnyMethod();
corsBuilder.AllowAnyOrigin();
corsBuilder.AllowCredentials();

services.AddCors(options =>
{
    options.AddPolicy("AllowAll", corsBuilder.Build());
});

app.UseCors("AllowAll");

The request goes into the same asp.net application controller only in a different method / action (and obviously server). The web.config doesn't have a httprotocol (since I have been made aware that it's unnecessary).

I have been looking at this for a while now. But I can't seem to get it to work.

Edited

Solution

  • The problem was a combination of the following:

    • Firewall SNAT was not configured correctly
    • Hosts file also not configured correctly
    • Changes needed to the application to allow CORS

    We eventually (after a few years) created a new MVC REST API Service. So I can't recall what application changes were made to make it work at the time.

    This is our current Cors application code that makes it work.

    In the App_Start -> WebApiConfig class for both the security service and the final (server) service application

    public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        EnableCorsAttribute enableCorsAttribute = new EnableCorsAttribute("*", "*", "*");
        config.EnableCors(enableCorsAttribute);
        config.MapHttpAttributeRoutes();
    }
}