CORS POST Requests not working - OPTIONS (Bad Request) - The origin is not allowed

后端未结

关注

 5  1518

不思量自难忘°

I\'m having a lot of trouble getting a cross domain POST request to hit an Api controller in the latest beta 2 release.

Chrome (and other browsers) spit out:

相关标签:

5条回答

遥遥无期

2020-12-13 19:27

Add this to your startup.cs file inside ConfigureOAuth

app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

0 讨论(0)
发布评论:

提交评论
- 加载中...
花落未央

2020-12-13 19:29
Try to add below code in your Response header:
```
Response.AddHeader("Access-Control-Allow-Origin", "*");
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
天涯浪人

2020-12-13 19:41
Ok I got past this. This has got to be the strangest issue I've ever encountered. Here's how to "solve" it:
1. Continue on with life as usual until suddenly out of no where OPTIONS requests to this domain begin returning 200 OK (instead of 400 Bad Request) and POST never happens (or at least seems like it doesn't because the browser swallows it)
2. Realize that Fiddler's OPTIONS response mysteriously contains duplicates for "Access-Control-Allow-XXX".
3. Try removing the following statement from you web.config even though you clearly remember trying that to fix the previous issue and it not working:
Remove this:
```
    <httpProtocol>
       <customHeaders>
         <remove name="X-Powered-By" />
         <add name="Access-Control-Allow-Origin" value="http://mydomain.com" />
         <add name="Access-Control-Allow-Headers" value="Accept, Content-Type, Origin" />
         <add name="Access-Control-Allow-Methods" value="GET, PUT, POST, DELETE, OPTIONS" />
       </customHeaders>
    </httpProtocol>
```
Because you already have this:
```
 var enableCorsAttribute = new EnableCorsAttribute("http://mydomain.com",
                                                   "Origin, Content-Type, Accept",
                                                   "GET, PUT, POST, DELETE, OPTIONS");
        config.EnableCors(enableCorsAttribute);
```
Moral: You only need one.
0 讨论(0)
发布评论:

提交评论
- 加载中...
心在旅途

2020-12-13 19:45
if you use OAuth Authorization . request not go direct to web api. You need to enable OWIN CORS support for that endpoint.

How i do on my site: Install owin cors
```
Install-Package Microsoft.Owin.Cors
```
Note: please not use : Install-Package Microsoft.AspNet.WebApi.Cors

In file Startup.Auth.cs
```
 //add this line
            app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

            // Enable the application to use bearer tokens to authenticate users
            app.UseOAuthBearerTokens(OAuthOptions);
```
0 讨论(0)
发布评论:

提交评论
- 加载中...

伪装坚强ぢ

2020-12-13 19:53

I have an MVC controller (not an ApiController) but the solution I came up with may help others. To allow cross domain access to a POST action (/data/xlsx) on the controller I implemented 2 actions:

for the pre-flight check
for the post

If you don't have the HttpOptions action then you get 404's on the pre-flight check.

Code:

[HttpOptions]
public ActionResult Xlsx()
{
    // Catches and authorises pre-flight requests for /data/xlsx from remote domains
    Response.AddHeader("Access-Control-Allow-Origin", "*");
    Response.AddHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
    Response.AddHeader("Access-Control-Allow-Methods", "GET, PUT, POST, DELETE, OPTIONS");
    return null;
}

[HttpPost]
public ActionResult Xlsx(string data, string name)
{
    Xlsx(); // Add CORS headers

    /* ... implementation here ... */
}

I've tested it in IE 11, Chrome, FireFox.

0 讨论(0)