OWIN preflight requests are not processed

1
votes

All preflight requests from browsers to my Self-Host OWIN WebAPI are not processed by Middleware. If I make OPTIONS request from Postman they are processed. Why is such a behaviour?

Request URL:http://localhost:9000/api/v1/conversations/create?connectionId=13509f44-eacb-4950-8cc8-71bd37098975

Request Method:OPTIONS

Status Code:401 Unauthorized Remote

Address:[::1]:9000

Accept:/

Accept-Encoding:gzip, deflate, sdch, br

Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4

Access-Control-Request-Headers:content-type

Access-Control-Request-Method:POST

Connection:keep-alive

Host:localhost:9000

Origin:http://localhost:8080

Referer:http://localhost:8080/

User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

Response Headers for Chrome:

Content-Length:0

Date:Wed, 08 Feb 2017 04:17:26 GMT

Server:Microsoft-HTTPAPI/2.0

WWW-Authenticate:NTLM

Response headers for Postman:

Access-Control-Allow-Credentials →true

Access-Control-Allow-Origin →chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop

Allow →POST

Content-Length →76

Content-Type →application/json; charset=utf-8

Date →Wed, 08 Feb 2017 04:21:02 GMT

Server →Microsoft-HTTPAPI/2.0

I added fake middleware to my appbuilder:

public void BuildWebApi(IAppBuilder appBuilder)
    {
        appBuilder.Use(async (ctx, next) =>
        {
            await next();
        });

and put breakpoint to line "await next()". So breakpoint doesn't stop while browser makes preflight request and stops while postman OPTIONS response.

1
c#.netcorsowin
stackoverflow.com/questions/24989769/… and stackoverflow.com/questions/20079813/… may be relevant. Also it would probably help if you also included the request headers in your question.sideshowbarker
UseCors not working because it also in background adds middleware that are not invoked on preflight requests from Chrome. Of course I've added UserCors() and config.EnableCors() but it has no effect.Argnist
OK, so stackoverflow.com/questions/20079813/… does not help you?sideshowbarker
No, I haven't any xml config because of Self-Host. I've added request headers to question.Argnist
Please read the answer at stackoverflow.com/questions/20079813/…. It doesn’t use any XML config. Instead it involves: (1) Installing the Microsoft.AspNet.WebApi.Cors nuget package, the Microsoft.Owin.Cors nuget package, and then (2) adding config.EnableCors(new EnableCorsAttribute("*", "*", "GET, POST, OPTIONS, PUT, DELETE")) above the WebApiConfig.Register(config) line in the Startup.cs file, then (3) adding app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll) to the Startup.Auth.cs file. No XML config.sideshowbarker

1 Answers

4
votes

Solved this by 

HttpListener listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemeSelectorDelegate = request =>
{
   if (request.HttpMethod == "OPTIONS")
   {
       return AuthenticationSchemes.Anonymous;
   }
};