Asp.Net WebApi2 Enable CORS not working with AspNet.WebApi.Cors 5.2.3
I tried to follow the steps at http://enable-cors.org/server_aspnet.html to have my RESTful API (implemented with ASP.NET WebAPI2) work with cross origin requests (CORS Enab
-
WEBAPI2:SOLUTION. global.asax.cs:
var cors = new EnableCorsAttribute("*", "*", "*"); config.EnableCors(cors);IN solution explorer, right-click api-project. In properties window set 'Anonymous Authentication' to Enabled !!!
Hope this helps someone in the future.
讨论(0) -
I just experienced this same issue, trying to enable CORS globally. However I found out it does work, however only when the request contains a
Originheader value. If you omit theoriginheader value, the response will not contain aAccess-Control-Allow-Origin.I used a chrome plugin called DHC to test my GET request. It allowed me to add the
Originheader easily.讨论(0) -
I found this question because I was having issues with the OPTIONS request most browsers send. My app was routing the OPTIONS requests and using my IoC to construct lots of objects and some were throwing exceptions on this odd request type for various reasons.
Basically put in an ignore route for all OPTIONS requests if they are causing you problems:
var constraints = new { httpMethod = new HttpMethodConstraint(HttpMethod.Options) }; config.Routes.IgnoreRoute("OPTIONS", "{*pathInfo}", constraints);More info: Stop Web API processing OPTIONS requests
讨论(0) -
None of these answers really work. As others noted the Cors package will only use the Access-Control-Allow-Origin header if the request had an Origin header. But you can't generally just add an Origin header to the request because browsers may try to regulate that too.
If you want a quick and dirty way to allow cross site requests to a web api, it's really a lot easier to just write a custom filter attribute:
public class AllowCors : ActionFilterAttribute { public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext) { if (actionExecutedContext == null) { throw new ArgumentNullException("actionExecutedContext"); } else { actionExecutedContext.Response.Headers.Remove("Access-Control-Allow-Origin"); actionExecutedContext.Response.Headers.Add("Access-Control-Allow-Origin", "*"); } base.OnActionExecuted(actionExecutedContext); } }Then just use it on your Controller action:
[AllowCors] public IHttpActionResult Get() { return Ok("value"); }I won't vouch for the security of this in general, but it's probably a lot safer than setting the headers in the web.config since this way you can apply them only as specifically as you need them.
And of course it is simple to modify the above to allow only certain origins, methods etc.
讨论(0) -
After some modifications in my Web.config CORS suddenly stopped working in my Web API 2 project (at least for OPTIONS request during the preflight). It seems that you need to have the section mentioned below in your Web.config or otherwise the (global) EnableCorsAttribute will not work on OPTIONS requests. Note that this is the exact same section Visual Studio will add in a new Web API 2 project.
<system.webServer> <handlers> <remove name="ExtensionlessUrlHandler-Integrated-4.0"/> <remove name="OPTIONSVerbHandler"/> <remove name="TRACEVerbHandler"/> <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/> </handlers> </system.webServer>讨论(0) -
I just added custom headers to the Web.config and it worked like a charm.
On configuration - system.webServer:
<httpProtocol> <customHeaders> <add name="Access-Control-Allow-Origin" value="*" /> <add name="Access-Control-Allow-Headers" value="Content-Type" /> </customHeaders> </httpProtocol>I have the front end app and the backend on the same solution. For this to work, I need to set the web services project (Backend) as the default for this to work.
I was using ReST, haven't tried with anything else.
讨论(0)
加载中...
- 热议问题