
I have searched everywhere on the internet, but I still have this issue after several hours of trying every solution I could find; nothing has been successful so far. So I made a little MVC Web API to get CORS working, but I always have an issue with the preflight request. The API always returns 2 Access-Control-Allow-Origin headers.

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: content-type
X-AspNet-Version: 4.0.30319
Access-Control-Allow-Origin: *
Date: Mon, 11 Jan 2016 11:06:56 GMT
Content-Length: 0

What I've tried so far:

I installed Microsoft.AspNet.WebApi.Cors, and then I tried Microsoft.Owin.Cors.

Here is the code I used:

WebApiConfig:

Public Sub Register(config As HttpConfiguration)
    ' Web API configuration and services
    ' Configure Web API to use only bearer token authentication.
    'config.EnableCors(New EnableCorsAttribute("*", "*", "*"))
    config.EnableCors()
    'config.SuppressDefaultHostAuthentication()
    'config.Filters.Add(New HostAuthenticationFilter(OAuthDefaults.AuthenticationType))

    ' Web API routes
    'config.MapHttpAttributeRoutes()

    config.Routes.MapHttpRoute( _
        name:="ActionApi", _
        routeTemplate:="{controller}/{action}" _
    )
End Sub

Controllers:

Imports System.Net
Imports System.Web.Http

Namespace Controllers
<Cors.EnableCors("*", "*", "*")>
Public Class TestController
    Inherits ApiController
    <HttpGet>
    <ActionName("GetAnswer")>
    Public Function GetAnswer() As List(Of String)
        Dim AlIST As New List(Of String)
        AlIST.Add("Test")
        AlIST.Add("1234")
        AlIST.Add("TTest")
        Return AlIST
    End Function

    <HttpPost>
    <ActionName("WriteAnswer")>
    Public Function WriteAnswer(<FromBody> aList As List(Of String)) As List(Of String)
        For i = 0 To aList.Count - 1
            Dim Num As Integer = i + 1
            Dim aStr As String = aList(i)
            aList(i) = aList(i) + Num.ToString()
        Next
        For Each HD As String In HttpContext.Current.Response.Headers.AllKeys
            aList.Add(HD)
            For Each Header As String In HttpContext.Current.Response.Headers.GetValues(HD)
                Dim a As String = Header
                aList.Add(a)
            Next
        Next
        Return aList
    End Function


End Class
End Namespace

Startup:

Public Sub Configuration(app As IAppBuilder)
    ConfigureAuth(app)
    'app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll)
End Sub

Web.Config:

<handlers>
  <!--<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
  <remove name="OPTIONSVerbHandler" />
  <remove name="TRACEVerbHandler" />
  <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*" verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />-->
</handlers>

I tried deactivating some code and activating other parts, but nothing has worked so far, and I can't find any definitive solution on the web.

Thanks

  • I think you may need to add SupportsCredentials = true to your EnableCorsAttribute. How are you passing credentials? I'm not familiar with OAuth. Commented Jan 11, 2016 at 13:15
  • I'm not using the credential feature yet. How would supportsCredentials avoid sending the header twice? I'll try it later and let you know... Commented Jan 11, 2016 at 16:28

1 Answer


I think the problem is using both Owin and WebAPI packages in your code. If you wish to use Owin in your code, you can comment out the following line in the Register method (from WebApi.Cors):

config.EnableCors()

Also, check your Web.config file and make sure you have not specified any custom CORS headers like the ones below. If you have, then comment them out too.

<httpProtocol>
  <customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    ...
  </customHeaders>
</httpProtocol>

1 Comment

I had an EnableCors in code and an entry in the web.config file, which caused it to be added to the response header twice.
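
A check for the symptom discussed above, as an added example that is not part of the original question or answer: it parses a raw response head, reports single-valued CORS headers that appear more than once, and applies the browser's non-credentialed origin check to the comma-joined value, which is why `*` sent twice is rejected. The function names and the request origin used with it are assumptions made for illustration.

```python
from collections import defaultdict

# CORS response headers that must carry exactly one value.
SINGLE_VALUE_CORS = {
    "access-control-allow-origin",
    "access-control-allow-credentials",
}

# Preflight response from the question above (headers abridged).
SAMPLE_PREFLIGHT = """\
HTTP/1.1 200 OK
Cache-Control: no-cache
Server: Microsoft-IIS/8.5
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: content-type
X-AspNet-Version: 4.0.30319
Access-Control-Allow-Origin: *
Content-Length: 0
"""


def parse_headers(raw):
    """Return {lowercased name: [values in wire order]} for a raw response head."""
    headers = defaultdict(list)
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # a blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()].append(value.strip())
    return headers


def duplicated_cors_headers(raw):
    """Single-valued CORS headers that were emitted more than once."""
    headers = parse_headers(raw)
    return {n: v for n, v in headers.items()
            if n in SINGLE_VALUE_CORS and len(v) > 1}


def origin_check_passes(raw, request_origin):
    """Non-credentialed CORS check; repeated headers are joined with ', ' first."""
    values = parse_headers(raw).get("access-control-allow-origin")
    if not values:
        return False
    combined = ", ".join(values)           # two '*' headers become '*, *'
    return combined == "*" or combined == request_origin
```

Running `duplicated_cors_headers` against responses captured after each configuration change shows whether one of the two sources (the `EnableCors` call or the `customHeaders` entry) is still emitting the header.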
