I have an issue with an endpoint on my web api. I have a POST method that is not working due to:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access. The response had HTTP status code 405.
I cannot see why that is not working since I have plenty of methods that are working indeed with the same COSR configuration. The only difference is that this method has a specified route, as you can see below:
// POST: api/Clave [EnableCors(origins: "*", headers: "*", methods: "*", SupportsCredentials = true)] [Route("{id:int}/clave")] [HttpPost] public HttpResponseMessage Post(int id, [FromBody]CambioClaveParameters parametros) { UsuarioModel usuario = SQL.GetUsuario(id); if (Hash.CreateMD5(parametros.ViejaClave) != usuario.Clave.ToUpper()) { return Request.CreateResponse(HttpStatusCode.BadRequest); } else if (Hash.CreateMD5(parametros.ViejaClave) == usuario.Clave.ToUpper()) { SQL.ModificarClaveUsuario(id, Hash.CreateMD5(parametros.NuevaClave)); return Request.CreateResponse(HttpStatusCode.OK); } else { return Request.CreateResponse(HttpStatusCode.InternalServerError); } }
Any Ideas of why this is happening?.
Thanks!.
4 Answers
Answers 1
if you are using web api just create one class at root level name it Startup.cs If you can try adding following code in your startup and see if that works. This code will inject cors middelware in ur application pipeline. You probably need to add owin via nuget. Give it a try
[assembly: OwinStartup(typeof(MyProject.API.Startup))] namespace MyProject.API { public class Startup { public void Configuration(IAppBuilder app) { app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); app.UseWebApi(WebApiConfig.Register()); } } }
Answers 2
Your Web API response is clearly a 405
, which indicates that you are calling an URI that does not support your HTTP Method (in this case POST
).
Starting from this you need to understand why your URI does not support POST
. The most probable answer is that you are calling the wrong URI. The fact that you are getting a CORS error is not the root of your problem and derives from the fact that the wrong URI you are calling does not set any Access-Control-Allow-Origin
header.
Looking at your controller method:
[EnableCors(origins: "*", headers: "*", methods: "*", SupportsCredentials = true)] [Route("{id:int}/clave")] [HttpPost] public HttpResponseMessage Post(int id, [FromBody]CambioClaveParameters parametros)
It appears to me that you are using a Route
attribute, but not setting a RoutePrefix
attribute in your controller class.
This means that the correct URI for your method is the following one:
http://localhost:xxxx/1/clave
And not, as you might think, that one:
http://localhost:xxxx/api/Clave/1/clave
If you want to access your resource using the second URI you need to put a new RoutePrefix
attribute in your Controller:
[RoutePrefix("api/Clave")] public class ClaveController : ApiController { //.. }
Answers 3
Hope you are doing good ! you can use below code that will allow origin access on each request response.
protected void Application_BeginRequest(object sender, EventArgs e) { HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", *");}
for more reference you can get help from below link. http://enable-cors.org/server_aspnet.html
Answers 4
Based upon the word "preflight" in your message, this is an OPTIONS verb issue. If you examine the requests and responses, I believe you'll see that the request directly before your POST is an OPTIONS request. The OPTIONS request is asking the server what methods are allowed to be called. If you haven't enabled an OPTIONS response, or your OPTIONS response doesn't include the POST method for that Uri, you'll get this response.
Here's a link describing the concept (see section Preflight CORS Requests) https://msdn.microsoft.com/en-us/magazine/dn532203.aspx
To account for this bypassing everything OPTIONS is designed to do, you can add code similar to this (don't be a cargo-cult programmer) to a new or existing module's BeginRequest method:
if (context.Request.HttpMethod.ToLower() == "options") { var origin = context.Request.Headers["origin"]; context.Response.StatusCode = 200; context.Response.AddHeader("Access-Control-Allow-Origin", origin); context.Response.AddHeader("Access-Control-Allow-Credentials", "true"); context.Response.AddHeader("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE, OPTIONS"); context.Response.End(); }
Ideally, though, you would want to programmatically determine whether the request is a valid, and if so, then output a response customized for what is actually allowed.
0 comments:
Post a Comment