Enabling CORS for Web API in Azure Web Apps

2
votes

I have deployed a Web API project to Azure Web app. And from a angularjs app I am trying a $http.get request to the API. but it gives a CORS(cross-origin) exception though I have enabled it in my Web API startup config

 app.UseCors(CorsOptions.AllowAll);

I want to Enable CORS for Azure Web App, that would solve the problem I believe

EDIT http://nearestbuyweb.azurewebsites.net/ this is the URL of the Web app. It is trying to access http://nearestbuyapi.azurewebsites.net/api/MenuBar where the exception occurs.

I think it is not possible with Azure Web App. MSDN Question

Please help!

5
azureasp.net-web-apiazure-web-app-service
Just to clarify, do you get the CORS exception when your site tries to make an API call to a 2nd site, or do you get it when a 2nd site tries to make an API call to your site? Enabling CORS on your site will only enable the 1st scenario. - Zain Rizvi
when I access Web api from my Web project I get the error. I want to basically enable CORS for Azure Web app - Dhanilan

5 Answers

3
votes

Note: You use CORS settings to let other websites access your site's API. Not to access other site's APIs.

Based on your comments it sounds like you're getting the CORS error when you try to make external requests from your site. That's exactly the behavior CORS is supposed to block.

For the errors to go away you would have to apply the CORS config settings on the site who's API you're trying to access.

In your case you want to make sure you're applying the config changes on the http://nearestbuyapi.azurewebsites.net site. NOT on http://nearestbuyweb.azurewebsites.net/

2
votes
<system.webServer>
    <httpProtocol>
        <customHeaders>
            <clear />
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="Content-Type" />
            <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
        </customHeaders>
    </httpProtocol>
</system.webServer>
2
votes

I have CORS in Azure working using this:

WebApiConfig.cs:

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        config.EnableCors();

        // Web API routes
        config.MapHttpAttributeRoutes();

        config.Routes.MapHttpRoute(
            name: "PublicApi",
            routeTemplate: "api/v1/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );

    }
}

Web.config:

  <system.webServer>
  <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers></system.webServer>
1
votes

You need to remove the options handler in IIS using web.config. http://eugeneagafonov.com/post/38312919044/iis-options-cors-aspnet-webapi-en

0
votes

Sorry Guys,

The issue happens only at my corporate network. Having googled I found that corporate network can be disable CORS requests . Found this here link