CORS is enable in Web API but access is denied
I am prety sure CORS is enable in my Web API project but access is denied. Perhaps I misconfigure it?
Error:
Access to XMLHttpRequest at 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart' from origin 'http://localhost:55817' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
Ajax call:
<script type="text/javascript">
$(document).ready(function ()
var _tableId = 'tableCriticalParts';
var _table = $('#' + _tableId).DataTable(
"processing": true,
"serverSide": true,
"ajax":
url: 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart',
type: 'POST',
contentType: "application/json",
data: function (data)
//debugger;
var model =
draw: data.draw,
start: data.start,
length: data.length,
columns: data.columns,
search: data.search,
order: data.order
;
return JSON.stringify(model);
,
failure: function (result)
debugger;
alert("Error occurred while trying to get data from server: " + result.sEcho);
,
error: function (XMLHttpRequest, textStatus, errorThrown)
debugger;
alert("Error occurred while trying to get data from server!");
,
dataSrc: function (json)
debugger;
for (key in json.Data) json[key] = json.Data[key];
delete json['Data'];
return json.data;
,
"columns": [
"data": "partNumber", title: "partNumber" ,
"data": "partDescription", title: "partDescription"
]
);
);
</script>
Web.config of Web API project:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>
WebApiConfig in Web API project:
public static class WebApiConfig
public static void Register(HttpConfiguration config)
config.EnableCors();
// Web API configuration and services
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/controller/id",
defaults: new id = RouteParameter.Optional
);
//set API to return JSON
config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));
c# ajax asp.net-web-api cors
add a comment |
I am prety sure CORS is enable in my Web API project but access is denied. Perhaps I misconfigure it?
Error:
Access to XMLHttpRequest at 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart' from origin 'http://localhost:55817' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
Ajax call:
<script type="text/javascript">
$(document).ready(function ()
var _tableId = 'tableCriticalParts';
var _table = $('#' + _tableId).DataTable(
"processing": true,
"serverSide": true,
"ajax":
url: 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart',
type: 'POST',
contentType: "application/json",
data: function (data)
//debugger;
var model =
draw: data.draw,
start: data.start,
length: data.length,
columns: data.columns,
search: data.search,
order: data.order
;
return JSON.stringify(model);
,
failure: function (result)
debugger;
alert("Error occurred while trying to get data from server: " + result.sEcho);
,
error: function (XMLHttpRequest, textStatus, errorThrown)
debugger;
alert("Error occurred while trying to get data from server!");
,
dataSrc: function (json)
debugger;
for (key in json.Data) json[key] = json.Data[key];
delete json['Data'];
return json.data;
,
"columns": [
"data": "partNumber", title: "partNumber" ,
"data": "partDescription", title: "partDescription"
]
);
);
</script>
Web.config of Web API project:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>
WebApiConfig in Web API project:
public static class WebApiConfig
public static void Register(HttpConfiguration config)
config.EnableCors();
// Web API configuration and services
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/controller/id",
defaults: new id = RouteParameter.Optional
);
//set API to return JSON
config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));
c# ajax asp.net-web-api cors
add a comment |
I am prety sure CORS is enable in my Web API project but access is denied. Perhaps I misconfigure it?
Error:
Access to XMLHttpRequest at 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart' from origin 'http://localhost:55817' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
Ajax call:
<script type="text/javascript">
$(document).ready(function ()
var _tableId = 'tableCriticalParts';
var _table = $('#' + _tableId).DataTable(
"processing": true,
"serverSide": true,
"ajax":
url: 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart',
type: 'POST',
contentType: "application/json",
data: function (data)
//debugger;
var model =
draw: data.draw,
start: data.start,
length: data.length,
columns: data.columns,
search: data.search,
order: data.order
;
return JSON.stringify(model);
,
failure: function (result)
debugger;
alert("Error occurred while trying to get data from server: " + result.sEcho);
,
error: function (XMLHttpRequest, textStatus, errorThrown)
debugger;
alert("Error occurred while trying to get data from server!");
,
dataSrc: function (json)
debugger;
for (key in json.Data) json[key] = json.Data[key];
delete json['Data'];
return json.data;
,
"columns": [
"data": "partNumber", title: "partNumber" ,
"data": "partDescription", title: "partDescription"
]
);
);
</script>
Web.config of Web API project:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>
WebApiConfig in Web API project:
public static class WebApiConfig
public static void Register(HttpConfiguration config)
config.EnableCors();
// Web API configuration and services
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/controller/id",
defaults: new id = RouteParameter.Optional
);
//set API to return JSON
config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));
c# ajax asp.net-web-api cors
I am prety sure CORS is enable in my Web API project but access is denied. Perhaps I misconfigure it?
Error:
Access to XMLHttpRequest at 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart' from origin 'http://localhost:55817' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
Ajax call:
<script type="text/javascript">
$(document).ready(function ()
var _tableId = 'tableCriticalParts';
var _table = $('#' + _tableId).DataTable(
"processing": true,
"serverSide": true,
"ajax":
url: 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart',
type: 'POST',
contentType: "application/json",
data: function (data)
//debugger;
var model =
draw: data.draw,
start: data.start,
length: data.length,
columns: data.columns,
search: data.search,
order: data.order
;
return JSON.stringify(model);
,
failure: function (result)
debugger;
alert("Error occurred while trying to get data from server: " + result.sEcho);
,
error: function (XMLHttpRequest, textStatus, errorThrown)
debugger;
alert("Error occurred while trying to get data from server!");
,
dataSrc: function (json)
debugger;
for (key in json.Data) json[key] = json.Data[key];
delete json['Data'];
return json.data;
,
"columns": [
"data": "partNumber", title: "partNumber" ,
"data": "partDescription", title: "partDescription"
]
);
);
</script>
Web.config of Web API project:
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>
WebApiConfig in Web API project:
public static class WebApiConfig
public static void Register(HttpConfiguration config)
config.EnableCors();
// Web API configuration and services
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/controller/id",
defaults: new id = RouteParameter.Optional
);
//set API to return JSON
config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));
c# ajax asp.net-web-api cors
c# ajax asp.net-web-api cors
edited Nov 15 '18 at 3:26
Pop
asked Nov 15 '18 at 3:21
PopPop
15010
15010
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Since the line config.EnableCors()
enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.
You can try adding a global CORS configuration when enabling it, such as:
public static class WebApiConfig
public static void Register(HttpConfiguration config)
var corsAttr = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(corsAttr);
// Rest of config ...
I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders>
from your web.config.
Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53311931%2fcors-is-enable-in-web-api-but-access-is-denied%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Since the line config.EnableCors()
enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.
You can try adding a global CORS configuration when enabling it, such as:
public static class WebApiConfig
public static void Register(HttpConfiguration config)
var corsAttr = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(corsAttr);
// Rest of config ...
I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders>
from your web.config.
Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)
add a comment |
Since the line config.EnableCors()
enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.
You can try adding a global CORS configuration when enabling it, such as:
public static class WebApiConfig
public static void Register(HttpConfiguration config)
var corsAttr = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(corsAttr);
// Rest of config ...
I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders>
from your web.config.
Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)
add a comment |
Since the line config.EnableCors()
enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.
You can try adding a global CORS configuration when enabling it, such as:
public static class WebApiConfig
public static void Register(HttpConfiguration config)
var corsAttr = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(corsAttr);
// Rest of config ...
I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders>
from your web.config.
Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)
Since the line config.EnableCors()
enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.
You can try adding a global CORS configuration when enabling it, such as:
public static class WebApiConfig
public static void Register(HttpConfiguration config)
var corsAttr = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(corsAttr);
// Rest of config ...
I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders>
from your web.config.
Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)
edited Nov 15 '18 at 4:44
answered Nov 15 '18 at 4:08
Kyle PolanskyKyle Polansky
36136
36136
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53311931%2fcors-is-enable-in-web-api-but-access-is-denied%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown