Geek Answers Handbook

404 for web.api cors OPTIONS

I followed the usual steps to enable cors in web.api, but I get a 404 response to the OPTIONS request in Chrome and in Firefox I get Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.mydomain.com/api/1/widgets. This can be fixed by moving the resource to the same domain or enabling CORS.

In my WebApiConfig.cs I have:

var enableCorsAttribute = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(enableCorsAttribute);

I also tried adding attributes EnableCorsto specific controllers or actions, and they all have the same result.

I also added the following to my web.config:

<modules runAllManagedModulesForAllRequests="true">
  <remove name="WebDAVModule" />
</modules>
<handlers>
    <remove name="WebDAV" />
...

Here is my javascript:

$.ajax({
    url: 'https://api.mydomain.com/api/1/widgets',
    type: "GET",
    headers: {
        Accept: "text/html; charset=utf-8",
        Authorization: 'Bearer ???????????????????????????????'
            }
        });

But the answer to question 404 in Chrome and "Request for cross-request blocked" in Firefox.

The following is information about a failed request from the Chrome toolbar:

Remote Address:??.???.???.???:443
Request URL:https://api.mydomain.com/api/1/widgets
Request Method:OPTIONS
Status Code:404 Not Found

Inquiry

OPTIONS /api/1/widgets HTTP/1.1
Host: api.mydomain.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://myotherdomain.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
Access-Control-Request-Headers: accept, authorization
Accept: */*
Referer: http://myotherdomain.com/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en;q=0.8,en-US;q=0.6

Answer

HTTP/1.1 404 Not Found
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: http://myotherdomain.com
Access-Control-Allow-Credentials: true
X-AspNetMvc-Version: 5.0
X-UA-Compatible: IE=edge,chrome=1
X-Frame-Options: SAMEORIGIN
Cache-conrol: no-store
Date: Thu, 28 Aug 2014 16:00:28 GMT
Content-Length: 341

What am I missing?

+4
source share
1 answer

, - , , Microsoft UrlScan IIS.

UrlScan AllowVerbs DenyVerbs. , .

+4

More articles:


All Articles