Enabling CORS with WebAPI PUT/POST requests?

Question

I've tried following this post but I'm still not quite there:

CORS support for PUT and DELETE with ASP.NET Web API

In my web.config I have the following:

<system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <httpProtocol>
      <customHeaders>
        <!-- TODO: don't let anyone make requests - only approved clients -->
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="Content-Type" />
        <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
      </customHeaders>
    </httpProtocol>
    <handlers>
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" />
      <remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="WebDAV" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_32bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness32" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" modules="IsapiModule" scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll" preCondition="classicMode,runtimeVersionv4.0,bitness64" responseBufferLimit="0" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule"/>
    </modules>
  </system.webServer>

But in chrome when I make a POST request I get the Not Allowed error:

My request looks like this:

var request = $.ajax({
            async: true,
            url: apiEndpoint + 'api/login',
            type: 'POST',
            data: JSON.stringify(data),
            contentType: "application/json; charset=utf-8",
            dataType: 'json'
        })

apiEndpoint is on localhost but on a different port - the client and api projects are in different solutions.

The POST request eventually makes its way to the server, but I always get an error related to OPTIONS and I never get a cookie saved to the client because of it.

I spent the last couple hours trying to get CORS with WebAPI working:

https://aspnetwebstack.codeplex.com/wikipage?title=CORS%20support%20for%20ASP.NET%20Web%20API

But some assembly versioning issues led to me yanking everything out - hopefully there's a simpler solution.

Answer 1

POST,PUT,DELETE等使用预先发布的CORS.浏览器发送OPTIONS请求.由于您没有处理OPTIONS的操作方法,因此您将获得405.在最简单的形式中,您必须在控制器中实现这样的操作方法.

public HttpResponseMessage Options()
{
    var response = new HttpResponseMessage();
    response.StatusCode = HttpStatusCode.OK;
    return response;
}

需要注意的一点是,您在web.config中配置的customHeaders已经添加了必要的Access-Control-Allow-Origin和Access-Control-Allow-Methods标题.所以动作方法不是这样做的.

在控制器中实现动作方法有效,但可能不是一个好的选择.更好的选择是实现一个为您执行此操作的消息处理程序.一个更好的选择是使用thinktecture身份模型来启用CORS.Web API 2内置了CORS支持(取自ttidm).