X-user-session header request field not allowed in Access-Control-Allow-Headers

I am trying to make a CORS call for a WCF service endpoint hosted on IIS7.5.

I set up custom headers in IIS. My configuration looks like this:

<customHeaders>
    <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />
    <add name="Access-Control-Allow-Headers" value="x-user-session,origin, content-type, accept" />
    <add name="Access-Control-Allow-Credentials" value="true" />
</customHeaders>

When I execute a POST request, I get the following error message: "Requesting x-user-session field header is invalid with Access-Control-Allow-Headers".

If I remove my custom header from the call and run it, everything works fine.

Also, if I make a GET call with a custom header, then the API also works correctly.

$.ajax({
   type:"POST",
   success: function(d) { console.log(d) },
   timeout: 9000,
   url: "http://api.myserver.com/Services/v2/CreditCard.svc/update_cc_detail",
   data: JSON.stringify({"card_id":    1234,"expire_month":"11","expire_year":"2020","full_name":"Demo Account", "number":"4111111111111111","is_primary":true}),
   xhrFields: { withCredentials: true}, 
   headers: { 'x-user-session': "B23680D0B8CB5AFED9F624271F1DFAE5052085755AEDDEFDA3834EF16115BCDDC6319BD79FDCCB1E199BB6CC4D0C6FBC9F30242A723BA9C0DFB8BCA3F31F4C7302B1A37EE0A20C42E8AFD45FAB85282FCB62C0B4EC62329BD8573FEBAEBC6E8269FFBF57C7D57E6EF880E396F266E7AD841797792619AD3F1C27A5AE" },
   crossDomain: true,
   contentType: 'application/json'
});

UPDATES

Below is a link to the Firebug log: https://gist.github.com/anonymous/7333130

+4
3

, , OPTIONS (404 405). , GET ( ), POST ( ).

WCF, IIS, WebInvokeAttribute:

[WebInvoke(Method="*")]
...

IIS OPTION OPTIONSVerbHandler. web.config:

<handlers>
    <remove name="OPTIONSVerbHandler"/>
</handlers>

( OPTIONS IIS, WCF ), . , :

using System.Web;

namespace CustomHandlers
{
    public class CORSOPTIONSVerbHandler : IHttpHandler
    {
        public bool IsReusable
        {
            get { return true; }
        }

        public void ProcessRequest(HttpContext context)
        {
            // The HTTP verb is a property of the request, not of the response.
            if (context.Request.HttpMethod == "OPTIONS")
                context.Response.StatusCode = 200;
            else
                context.Response.StatusCode = 405;

            context.Response.End();
        }
    }
}

web.config :

<handlers>
    <remove name="OPTIONSVerbHandler"/>
    <add name="CORSOPTIONSVerbHandler" verb="OPTIONS" path="*" type="CustomHandlers.CORSOPTIONSVerbHandler, CustomHandlers"/>
</handlers>

, , .

+4

web.config

<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept" />

-

0

, , OPTIONS . , WCF , .

tpeczek:

using System.Web;

namespace CustomHandlers
{
    public class CORSOPTIONSVerbHandler : IHttpHandler
    {
        public bool IsReusable
        {
            get { return true; }
        }

        public void ProcessRequest(HttpContext context)
        {
            // The HTTP verb is a property of the request, not of the response.
            if (context.Request.HttpMethod == "OPTIONS")
            {
                // Braces are required: the OPTIONS branch has two statements.
                context.Response.StatusCode = 200;
                context.Response.Headers.Add("Access-Control-Allow-Headers", "x-user-session,origin, content-type, accept");
            }
            else
            {
                context.Response.StatusCode = 405;
            }

            context.Response.End();
        }
    }
}

, , , :)

0
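
The preflight rules that the answers above depend on, as an added example (not code from the question or from any answer): a simplified model of the check a browser applies to the OPTIONS response before it sends the POST carrying `x-user-session`. The origin, the token placeholder and the echoed `Access-Control-Allow-Origin` value are assumptions; the other header values are the ones shown on this page.

```javascript
const SAFE_METHODS = ["GET", "HEAD", "POST"];
const SAFE_HEADERS = ["accept", "accept-language", "content-language"];
const SAFE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
// Request headers that force a preflight; names are compared case-insensitively.
function unsafeHeaders(req) {
  return Object.entries(req.headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n !== "content-type") return !SAFE_HEADERS.includes(n);
    return !SAFE_TYPES.includes(value.split(";")[0].trim().toLowerCase());
  }).map(([name]) => name.toLowerCase());
}

// Returns the reasons a browser would block the request; an empty array means it passes.
function checkPreflight(req, res) {
  const need = unsafeHeaders(req);
  if (need.length === 0 && SAFE_METHODS.includes(req.method)) return []; // no preflight is sent
  const h = Object.fromEntries(Object.entries(res.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const problems = [];
  if (res.status < 200 || res.status > 299) problems.push("OPTIONS returned " + res.status);
  const origin = h["access-control-allow-origin"];
  if (req.credentials) { // with credentials, "*" is never accepted
    if (origin !== req.origin) problems.push("Allow-Origin must be the exact origin");
    if (h["access-control-allow-credentials"] !== "true") problems.push("Allow-Credentials must be true");
  } else if (origin !== "*" && origin !== req.origin) problems.push("origin not allowed");
  const methods = list(h["access-control-allow-methods"]);
  const anyMethod = methods.includes("*") && !req.credentials;
  if (!SAFE_METHODS.includes(req.method) && !anyMethod && !methods.includes(req.method.toLowerCase()))
    problems.push("method not allowed: " + req.method);
  const allowed = list(h["access-control-allow-headers"]);
  const anyHeader = allowed.includes("*") && !req.credentials;
  for (const name of need)
    if (!anyHeader && !allowed.includes(name)) problems.push("header not allowed: " + name);
  return problems;
}

// Constructed sample: the question's POST; the origin and token are placeholders.
const req = { method: "POST", origin: "http://app.example.test", credentials: true,
  headers: { "x-user-session": "PLACEHOLDER", "Content-Type": "application/json" } };
// The question's customHeaders, plus an assumed Allow-Origin that echoes the caller.
const questionHeaders = { "Access-Control-Allow-Origin": req.origin,
  "Access-Control-Allow-Methods": "GET,PUT,POST,DELETE,OPTIONS",
  "Access-Control-Allow-Headers": "x-user-session,origin, content-type, accept",
  "Access-Control-Allow-Credentials": "true" };
// The headers from the second answer.
const wildcardHeaders = { "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Headers": "Origin, X-Requested-With, Content-Type, Accept" };
for (const [status, headers] of [[405, questionHeaders], [200, questionHeaders], [200, wildcardHeaders]])
  console.log(status, checkPreflight(req, { status, headers }));
```

The model covers only the preflight response and omits the value-length limits the Fetch specification places on safelisted headers.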
