1

I have an ASP.Net MVC 4 Website and another ASP.Net Web API project.Currently both are hosted on different domain.I am using amplify.js to consume API on my front end.Since both websites are hosted on different domain its always a crossdomain request when i call my API from the UI(I am utilizing CORS for this purpose.).This results in additional OPTIONS request for each HTTP API call i make,which increases overhead.I also tried hosting these 2 websites on sub domains but still the OPTIONS request is there,I want to get rid of these extra request.

Is there any way by which i can eliminate the OPTIONS request?

Cris
  • 12,799
  • 5
  • 35
  • 50

2 Answers2

3

Is there any way by which i can eliminate the OPTIONS request?

You could use JSONP instead of CORS. Unfortunately this might not be sufficient for your scenario because JSONP works only with GET requests (jQuery's $.ajax method has this limitation).

Or if you host the 2 on the same domain and you are not violating the same origin policy, you could use a normal AJAX request.

Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • could you please provide any reference from where i can get head start for doing this? – Cris Mar 01 '13 at 07:52
  • Which one? JSONP? As I explained in my answer it has some limitations such as the HTTP verb you can use. Is it something you would like to do? If yes, then you could take a look at the following post: http://stackoverflow.com/questions/9421312/jsonp-with-asp-net-web-api – Darin Dimitrov Mar 01 '13 at 07:54
  • thats the one issue i use POST,PUT and DELETE also along with GET requests – Cris Mar 01 '13 at 07:56
  • Well, in this case you will have to host your Web API on the same domain and use standard AJAX requests. There's no other way. – Darin Dimitrov Mar 01 '13 at 07:58
  • to host these 2 on same domain i need to have them in one solution,right? – Cris Mar 01 '13 at 07:58
  • The solution has absolutely nothing to do with the location where you host your applications. It's only a Visual Studio artifact to group projects together. If you want this to work in VS though, you will need to have both hosted in the same ASP.NET application. – Darin Dimitrov Mar 01 '13 at 08:00
  • i tried to host as http://website.domainnamee.com and http://api.website.domainnamee.com,still the problem persists – Cris Mar 01 '13 at 08:02
  • 1
    No, that's not possible. You are violating the same origin policy. Please read the article I have linked to: http://en.wikipedia.org/wiki/Same_origin_policy If you want this to work you should respect this policy, i.e. your applications must be hosted at `website.domainname.com` and `website.domainname.com/api` for example. – Darin Dimitrov Mar 01 '13 at 08:16
1

To prevent a cross-domain request, origin and target domain must be exactly the same: in host, domain and port (same origin policy). However, you have some options to prevent CORS anyway:

  1. Put website and API in the same domain - kinda obvious ;)
  2. Create some kind of serverside proxy-script (PHP, Node.js or whatever you like), which routes the request via curl or anything similar to the API. This should prevent the OPTIONS headers, but needs another HTTP request (AJAX <-> website httpd <- > API httpd).
  3. A similar solution is to use Apache as a reverse proxy (howto here). Like the script solution this also results in two HTTP requests, but I assume a reverse proxy causes less overhead.
  4. You could also use JSONP, but the API need to support it (so you might have to reimplement the website<->API communication) and your API won't be RESTful anymore (if you care about it).

I would go either way one or way three as the script solution just feels too clumsy ;) I would also suggest to check whether it is really necessary to run API and website on different domains. The OPTIONS header usually don't cause too much overhead so you might consider to optimize other parts of your code first.

Maybe you could put the website and the API in one domain and only the database for the API on another server? Just an idea...

Torben
  • 6,317
  • 1
  • 33
  • 32