Web API CORS support not working on http

1
votes

I have enabled CORS support on my Web API controller and it works fine on https, but on http I'm still getting this o 'Access-Control-Allow-Origin' header is present on the requested resource error.

In WebApiConfig I have enabled cors by using this line:

// Allow cross site javascript calls
config.EnableCors();

And my controller class is introduced like this:

 [EnableCors("*","*","*")]
 public class ExternalDataController : ApiController

So how I can enable CORS on http and https?

On azure raw http logs following lines appear when I create a one call:

2015-05-06 05:53:15 ~1PROJECTX GET /diagnostics/settings X-ARR-LOG-ID=d5d487c0-8d32-4103-98cb-37fd7b022942 443 - 137.116.210.73 Portal-Exp/5.11.2.704+(Websites)+Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML%2C+like+Gecko)+Chrome/42.0.2311.90+Safari/537.36+OPR/29.0.1795.47 - - projectx-development.scm.azurewebsites.net 200 0 0 733 1215 3921
2015-05-06 05:53:20 ~1PROJECTX POST /diagnostics/settings X-ARR-LOG-ID=599cb771-d399-49ee-89a2-6804af7c2712 443 - 137.116.210.73 Portal-Exp/5.11.2.704+(Websites)+Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML%2C+like+Gecko)+Chrome/42.0.2311.90+Safari/537.36+OPR/29.0.1795.47 ARRAffinity=a32808ec0f09a64a5ce1705808bf8a2fb0c447c78db8498153641c9469a96a96 - projectx-development.scm.azurewebsites.net 204 0 0 500 1497 156
2015-05-06 05:53:21 ~1PROJECTX GET /diagnostics/settings X-ARR-LOG-ID=6d7bcfd4-aeeb-4c02-9f02-cf5bd54d2189 443 - 137.116.210.73 Portal-Exp/5.11.2.704+(Websites)+Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML%2C+like+Gecko)+Chrome/42.0.2311.90+Safari/537.36+OPR/29.0.1795.47 ARRAffinity=a32808ec0f09a64a5ce1705808bf8a2fb0c447c78db8498153641c9469a96a96 - projectx-development.scm.azurewebsites.net 200 0 0 732 1301 78
2
asp.net-web-apicors
Please post http RAW headers for client request and response . You may use fiddler to get these details. In addition, you also want to check if the METHOD type is allowed at config level. I have seen that DELETE is not allowed by default and it create this problem as well. - codebased
I'm testing the software from jsfiddle with following call: $.ajax({ type: "GET", url: "projectx-development.azurewebsites.net/Api/ExternalData/Test" }).done(function (data) { alert(data); }).error(function (jqXHR, textStatus, errorThrown) { }); - Panu Oksala
docs.aws.amazon.com/AmazonS3/latest/dev/cors.html - codebased
In web.config I have redirect from http to https... I think that is causing problems. - Panu Oksala

2 Answers

1
votes

Do you use OWIN? Just enable CORS in your Configuration method:

    public void Configuration(IAppBuilder app)
    {
        #region CORS

        app.UseCors(CorsOptions.AllowAll); 

        #endregion
0
votes

Sorry I have not checked at Controller level.

I have the following at WebApi config level and it is working as expected.

 var cors = new EnableCorsAttribute("*", "*", "*") ;
            config.EnableCors(cors);

Similarly if you are using Basic auth then make sure that you set SupportsCredentials value as well

        var cors = new EnableCorsAttribute("*", "*", "*") { SupportsCredentials = true };