c# - How to enable CORS via attribute instead of via Application

i've been having cors configuration issue on hour , can't find question helps me understand situation.

i have xhr firing on staging domain preflight options request returning 400, , post not being sent because cors header permit isn't present.

i have config.enablecors(); in webapiconfig.cs , using nuget package microsoft asp.net web api 2.2 cross-origin support (microsoft.aspnet.webapi.cors v5.23)

i set default instead of using empty constructor, having seen this question webapiconfig lines are:

var defaultcors = new enablecorsattribute("*", "*", "*"); config.enablecors(defaultcors);

i don't mind i'd prefer not setting here @ all. in case, isn't working.

errors when options request handled global.asax.cs doesn't write header:

options http://staging.example.com:8044/controller/action xmlhttprequest cannot load http://staging.example.com:8044/controller/action. no 'access-control-allow-origin' header present on requested resource. origin 'http://staging.example.co.uk:8044' therefore not allowed access.

error looks when request isn't handled in global.asax.cs:

options http://staging.example.com:8044 xmlhttprequest cannot load http://staging.example.com:8044/controller/action. invalid http status code 400

have been able access api cross-domain using solution in global.asax.cs:

protected void application_beginrequest() {     if (request.headers.allkeys.contains("origin") && request.httpmethod == "options")     {         if (httpcontext.current.request.httpmethod == "options")         {             //these headers handling "pre-flight" options call sent browser             httpcontext.current.response.addheader("access-control-allow-origin", "http://staging.example.com:8044");             httpcontext.current.response.addheader("access-control-allow-methods", "get, post");             httpcontext.current.response.addheader("access-control-allow-headers", "accepts, content-type, origin, x-my-header");             httpcontext.current.response.addheader("access-control-max-age", "60");             httpcontext.current.response.end();         }     } }

want doing this:

[enablecors("http://www.example.com", "*", "get,post")] public sealed class controllercontroller : apicontroller {     [enablecors("http://staging.example.com:8044,http://www.example.com", "*", "post")]     [httppost]     public async task<httpresponsemessage> action([frombody] modelledinput input)     {         ...     } }

i can't understand why cors attribute isn't handling preflight request, though understand why beginrequest is. want cors control managed on controller or action level, not globally. thought might httppost attribute removing didn't work.

i'm open suggestion have done wrong or request may being filtered or handled higher - i'm not address i'm not happy handle cors globally.

i'd appreciate help!

protected void application_beginrequest() {      if (httpcontext.current.request.httpmethod == "options")     {         //these headers handling "pre-flight" options call sent browser         httpcontext.current.response.addheader("access-control-allow-origin", "http://staging.example.com:8044");         httpcontext.current.response.addheader("access-control-allow-methods", "get, post");         httpcontext.current.response.addheader("access-control-allow-headers", "accepts, content-type, origin, x-my-header");         httpcontext.current.response.addheader("access-control-max-age", "60");         httpcontext.current.response.end();     }  }

the code above mentioned worked me

WIKI

Search This Blog

c# - How to enable CORS via attribute instead of via Application_BeginRequest when preflight is failing -

Comments

Post a Comment