CORS and Internal Server Error Answers

Question

CORS and Internal Server Error Answers

In ASP.NET WebApi2, if there is an internal server error, a 500 Response is sent without the Access-Control-Allow-Origin header, even if CORS is enabled .

This causes the browser to report a CORS error and not an internal server error.

I assume that the server in an error state will not be able to report the origin to which it will respond, so it seems to me that the browser should handle this exceptional case and report an internal error, not CORS.

A) Is there a way to make the internal server error appear in the browser as a reason for the failure of my request?

B) Should there be a problem with the browser regarding this?

+3

google-chrome asp.net cors asp.net-web-api

Jesse Nov 20 '13 at 22:27

source share

1 answer

Ray nicholus · Accepted Answer · 2013-11-20T22:53:54+0000

According to the CORS specification, the user agent (browser) should not show anything about the request if the response does not correctly confirm the request of cross origin. Thus, browsers follow the specifications, and nothing more can be done about this. If you want to programmatically identify the baseline response status on the client side, your server will need to properly acknowledge the cross-start request by including the appropriate (Access) Control-Allow-Control-Allow headers.

CORS and Internal Server Error Answers

More articles: