For the last two days I've been struggling with webapi (asp.net) and ajax queries. I have already probably read all possible solutions on the internet and yet it's still not working on my machine.
Steps I already tried with the simple example project (NB: localhost replaced by LH):
[NOT WORKING]
public static void Register(HttpConfiguration config)
{
config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
// omitted
}
[NOT WORKING]
[EnableCors("*", "*", "GET,POST,PUT,OPTIONS")]
public class ValuesController : ApiController
{ /* code goes here */}
[NOT WORKING]
[EnableCors("*","*","PUT")]
public void Put(int id, string value)
{
values[id] = value;
}
[NOT WORKING]
I also did tried adding these:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
</customHeaders>
</httpProtocol>
[NOT WORKING]
And for the last I did the same as point 4 using the IIS management.
Results from FF F12 tools network panel:
GET LH:8821/api/values 200 OK 229ms ["Item1", "Item2", "Item3"]
PUT LH:8821/api/values 405 Method Not Allowed 114ms "NetworkError: 405 Method Not Allowed - LH:8821/api/values"
POST LH:8821/api/values 405 Method Not Allowed 123ms "NetworkError: 405 Method Not Allowed - LH:8821/api/values"
Is it me doing something wrong, or am I missing some other settings?
The best result I achieved is the GET and POST working, but then when it comes to PUT I always get 405 - why?
For some CORS requests, the browser/jQuery/ajax sends an additional request, called a "preflight request", before it sends the actual request for the resource, as cross-site requests may have implications to user data.
The browser/jQuery/ajax can skip the preflight request if the following conditions are true:
GET, HEAD, or POST, andThe above was only slightly adapted from the information in this link (under "Preflight Requests").
Unlike simple requests, "preflighted" requests first send an HTTP request by the OPTIONS method to the resource on the other domain, in order to determine whether the actual request is safe to send.
My guess is that you don't have an action method that handles OPTIONS in your controller, hence you are getting a 405, i.e. the error relates to the "stealthy" OPTIONS request and not your PUT. In its simplest form, you could implement an action method like this in your controller.
public HttpResponseMessage Options()
{
var response = new HttpResponseMessage();
response.StatusCode = HttpStatusCode.OK;
return response;
}
In addition, it may help if you disable the WebDAV IIS module and set the runAllManagedModulesForAllRequests="true" setting in your web.config:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule"/>
</modules>
<handlers>
<remove name="WebDAV" />
</handlers>
</system.webServer>
I'm sure you have read a lot of articles about this, so you may have tried some or all of what I said already but, as it wasn't already stated in your question, I thought it was worth a mention here.
By the way, if you haven't read this already, this article by Brock Allen is an absolute must-read for anyone messing about with CORS in Web API 2.