CORS is enable in Web API but access is denied










1















I am prety sure CORS is enable in my Web API project but access is denied. Perhaps I misconfigure it?



Error:




Access to XMLHttpRequest at 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart' from origin 'http://localhost:55817' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.




Ajax call:



<script type="text/javascript">
$(document).ready(function ()
var _tableId = 'tableCriticalParts';
var _table = $('#' + _tableId).DataTable(
"processing": true,
"serverSide": true,
"ajax":
url: 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart',
type: 'POST',
contentType: "application/json",
data: function (data)
//debugger;
var model =
draw: data.draw,
start: data.start,
length: data.length,
columns: data.columns,
search: data.search,
order: data.order
;
return JSON.stringify(model);
,
failure: function (result)
debugger;
alert("Error occurred while trying to get data from server: " + result.sEcho);
,
error: function (XMLHttpRequest, textStatus, errorThrown)
debugger;
alert("Error occurred while trying to get data from server!");

,
dataSrc: function (json)
debugger;
for (key in json.Data) json[key] = json.Data[key];
delete json['Data'];
return json.data;


,
"columns": [
"data": "partNumber", title: "partNumber" ,
"data": "partDescription", title: "partDescription"
]
);
);
</script>


Web.config of Web API project:



<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>


WebApiConfig in Web API project:



public static class WebApiConfig

public static void Register(HttpConfiguration config)

config.EnableCors();

// Web API configuration and services

// Web API routes
config.MapHttpAttributeRoutes();

config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/controller/id",
defaults: new id = RouteParameter.Optional
);

//set API to return JSON
config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));











share|improve this question




























    1















    I am prety sure CORS is enable in my Web API project but access is denied. Perhaps I misconfigure it?



    Error:




    Access to XMLHttpRequest at 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart' from origin 'http://localhost:55817' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.




    Ajax call:



    <script type="text/javascript">
    $(document).ready(function ()
    var _tableId = 'tableCriticalParts';
    var _table = $('#' + _tableId).DataTable(
    "processing": true,
    "serverSide": true,
    "ajax":
    url: 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart',
    type: 'POST',
    contentType: "application/json",
    data: function (data)
    //debugger;
    var model =
    draw: data.draw,
    start: data.start,
    length: data.length,
    columns: data.columns,
    search: data.search,
    order: data.order
    ;
    return JSON.stringify(model);
    ,
    failure: function (result)
    debugger;
    alert("Error occurred while trying to get data from server: " + result.sEcho);
    ,
    error: function (XMLHttpRequest, textStatus, errorThrown)
    debugger;
    alert("Error occurred while trying to get data from server!");

    ,
    dataSrc: function (json)
    debugger;
    for (key in json.Data) json[key] = json.Data[key];
    delete json['Data'];
    return json.data;


    ,
    "columns": [
    "data": "partNumber", title: "partNumber" ,
    "data": "partDescription", title: "partDescription"
    ]
    );
    );
    </script>


    Web.config of Web API project:



    <system.webServer>
    <httpProtocol>
    <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Headers" value="Content-Type" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
    </customHeaders>
    </httpProtocol>
    </system.webServer>


    WebApiConfig in Web API project:



    public static class WebApiConfig

    public static void Register(HttpConfiguration config)

    config.EnableCors();

    // Web API configuration and services

    // Web API routes
    config.MapHttpAttributeRoutes();

    config.Routes.MapHttpRoute(
    name: "DefaultApi",
    routeTemplate: "api/controller/id",
    defaults: new id = RouteParameter.Optional
    );

    //set API to return JSON
    config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));











    share|improve this question


























      1












      1








      1








      I am prety sure CORS is enable in my Web API project but access is denied. Perhaps I misconfigure it?



      Error:




      Access to XMLHttpRequest at 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart' from origin 'http://localhost:55817' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.




      Ajax call:



      <script type="text/javascript">
      $(document).ready(function ()
      var _tableId = 'tableCriticalParts';
      var _table = $('#' + _tableId).DataTable(
      "processing": true,
      "serverSide": true,
      "ajax":
      url: 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart',
      type: 'POST',
      contentType: "application/json",
      data: function (data)
      //debugger;
      var model =
      draw: data.draw,
      start: data.start,
      length: data.length,
      columns: data.columns,
      search: data.search,
      order: data.order
      ;
      return JSON.stringify(model);
      ,
      failure: function (result)
      debugger;
      alert("Error occurred while trying to get data from server: " + result.sEcho);
      ,
      error: function (XMLHttpRequest, textStatus, errorThrown)
      debugger;
      alert("Error occurred while trying to get data from server!");

      ,
      dataSrc: function (json)
      debugger;
      for (key in json.Data) json[key] = json.Data[key];
      delete json['Data'];
      return json.data;


      ,
      "columns": [
      "data": "partNumber", title: "partNumber" ,
      "data": "partDescription", title: "partDescription"
      ]
      );
      );
      </script>


      Web.config of Web API project:



      <system.webServer>
      <httpProtocol>
      <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Headers" value="Content-Type" />
      <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
      </customHeaders>
      </httpProtocol>
      </system.webServer>


      WebApiConfig in Web API project:



      public static class WebApiConfig

      public static void Register(HttpConfiguration config)

      config.EnableCors();

      // Web API configuration and services

      // Web API routes
      config.MapHttpAttributeRoutes();

      config.Routes.MapHttpRoute(
      name: "DefaultApi",
      routeTemplate: "api/controller/id",
      defaults: new id = RouteParameter.Optional
      );

      //set API to return JSON
      config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));











      share|improve this question
















      I am prety sure CORS is enable in my Web API project but access is denied. Perhaps I misconfigure it?



      Error:




      Access to XMLHttpRequest at 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart' from origin 'http://localhost:55817' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.




      Ajax call:



      <script type="text/javascript">
      $(document).ready(function ()
      var _tableId = 'tableCriticalParts';
      var _table = $('#' + _tableId).DataTable(
      "processing": true,
      "serverSide": true,
      "ajax":
      url: 'http://localhost/ControlTower2WebAPI/api/PurchaseOrder/PagingCriticalPart',
      type: 'POST',
      contentType: "application/json",
      data: function (data)
      //debugger;
      var model =
      draw: data.draw,
      start: data.start,
      length: data.length,
      columns: data.columns,
      search: data.search,
      order: data.order
      ;
      return JSON.stringify(model);
      ,
      failure: function (result)
      debugger;
      alert("Error occurred while trying to get data from server: " + result.sEcho);
      ,
      error: function (XMLHttpRequest, textStatus, errorThrown)
      debugger;
      alert("Error occurred while trying to get data from server!");

      ,
      dataSrc: function (json)
      debugger;
      for (key in json.Data) json[key] = json.Data[key];
      delete json['Data'];
      return json.data;


      ,
      "columns": [
      "data": "partNumber", title: "partNumber" ,
      "data": "partDescription", title: "partDescription"
      ]
      );
      );
      </script>


      Web.config of Web API project:



      <system.webServer>
      <httpProtocol>
      <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Headers" value="Content-Type" />
      <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
      </customHeaders>
      </httpProtocol>
      </system.webServer>


      WebApiConfig in Web API project:



      public static class WebApiConfig

      public static void Register(HttpConfiguration config)

      config.EnableCors();

      // Web API configuration and services

      // Web API routes
      config.MapHttpAttributeRoutes();

      config.Routes.MapHttpRoute(
      name: "DefaultApi",
      routeTemplate: "api/controller/id",
      defaults: new id = RouteParameter.Optional
      );

      //set API to return JSON
      config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));








      c# ajax asp.net-web-api cors






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 15 '18 at 3:26







      Pop

















      asked Nov 15 '18 at 3:21









      PopPop

      15010




      15010






















          1 Answer
          1






          active

          oldest

          votes


















          1














          Since the line config.EnableCors() enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.



          You can try adding a global CORS configuration when enabling it, such as:



          public static class WebApiConfig

          public static void Register(HttpConfiguration config)

          var corsAttr = new EnableCorsAttribute("*", "*", "*");
          config.EnableCors(corsAttr);

          // Rest of config ...




          I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders> from your web.config.



          Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)






          share|improve this answer
























            Your Answer






            StackExchange.ifUsing("editor", function ()
            StackExchange.using("externalEditor", function ()
            StackExchange.using("snippets", function ()
            StackExchange.snippets.init();
            );
            );
            , "code-snippets");

            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "1"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader:
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            ,
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













            draft saved

            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53311931%2fcors-is-enable-in-web-api-but-access-is-denied%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            Since the line config.EnableCors() enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.



            You can try adding a global CORS configuration when enabling it, such as:



            public static class WebApiConfig

            public static void Register(HttpConfiguration config)

            var corsAttr = new EnableCorsAttribute("*", "*", "*");
            config.EnableCors(corsAttr);

            // Rest of config ...




            I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders> from your web.config.



            Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)






            share|improve this answer





























              1














              Since the line config.EnableCors() enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.



              You can try adding a global CORS configuration when enabling it, such as:



              public static class WebApiConfig

              public static void Register(HttpConfiguration config)

              var corsAttr = new EnableCorsAttribute("*", "*", "*");
              config.EnableCors(corsAttr);

              // Rest of config ...




              I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders> from your web.config.



              Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)






              share|improve this answer



























                1












                1








                1







                Since the line config.EnableCors() enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.



                You can try adding a global CORS configuration when enabling it, such as:



                public static class WebApiConfig

                public static void Register(HttpConfiguration config)

                var corsAttr = new EnableCorsAttribute("*", "*", "*");
                config.EnableCors(corsAttr);

                // Rest of config ...




                I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders> from your web.config.



                Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)






                share|improve this answer















                Since the line config.EnableCors() enables CORS without any explicit configuration, my guess is that your custom headers are being overridden by the CORS module.



                You can try adding a global CORS configuration when enabling it, such as:



                public static class WebApiConfig

                public static void Register(HttpConfiguration config)

                var corsAttr = new EnableCorsAttribute("*", "*", "*");
                config.EnableCors(corsAttr);

                // Rest of config ...




                I would recommend using this approach (with a more restrictive set of origins) and deleting the <customHeaders> from your web.config.



                Source: https://enable-cors.org/server_aspnet.html (Enabling Globally)







                share|improve this answer














                share|improve this answer



                share|improve this answer








                edited Nov 15 '18 at 4:44

























                answered Nov 15 '18 at 4:08









                Kyle PolanskyKyle Polansky

                36136




                36136





























                    draft saved

                    draft discarded
















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid


                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.

                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53311931%2fcors-is-enable-in-web-api-but-access-is-denied%23new-answer', 'question_page');

                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    這個網誌中的熱門文章

                    How to read a connectionString WITH PROVIDER in .NET Core?

                    Node.js Script on GitHub Pages or Amazon S3

                    Museum of Modern and Contemporary Art of Trento and Rovereto