0

I have the same problem as this post where I have installed the nuget package for cors and set

config.EnableCors(new EnableCorsAttribute("*", "*", "*"));

in my api config but it is still blocking access from my dev server (where I am calling the api) to my test server (where the api is deployed)

I have updated the nuget package for the web api 2 to the latest version of 2.2 but this hasn't resolved the problem either.

The error I get is:

XMLHttpRequest cannot load http://www.example.com/api. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.local' is therefore not allowed access.

Is there something I am missing here?

Community
  • 1
  • 1
Pete
  • 57,112
  • 28
  • 117
  • 166

2 Answers2

1

I have had that problem before, and it's very likely coming from the client-side request. If you are using jQuery (please don't), Usually crossDomain: true should be present. I would try the same request from fiddler first, and see if you are still getting the same error.

aminjam
  • 646
  • 9
  • 25
  • would you have an example of how to do the request without jQuery please – Pete Oct 29 '14 at 12:18
  • I am assuming your api is at `http://www.example.com/api/MyController`, what happens when you make the same `POST` or `GET` request from [POSTMAN](https://chrome.google.com/webstore/detail/postman-rest-client/fdmmgilgnpjigdojojpjoooidkmcomcm?hl=en)? Do you see the same message? – aminjam Oct 29 '14 at 13:14
  • That means you are not hitting the endpoint for your API. This has nothing to do with CORS, make sure you are calling the right method in your controller and the http method enabled for that action. e.g. making a `GET` request to `http://www.example.com/api/mycontroller/myaction` should have `[HttpGet]` on top of `myaction` method. – aminjam Oct 29 '14 at 13:30
  • Ahh, that's it - I forgot to add the url to the actual action, d'uh. Been one of them days. Thanks – Pete Oct 29 '14 at 13:59
0

Many browsers (chrome included), do not like the wildcard * for the origins header.

config.EnableCors(new EnableCorsAttribute("*", "*", "*"));

Should be replaced with:

config.EnableCors(new EnableCorsAttribute("http://www.clientURL.com", "*", "*"));

If you need more than 1 website, the origins parameter will accept a string with comma separated values.

Arthur Tolchinsky
  • 1
  • 1
  • The star actually works for me and using a list of sites would be rather counter intuaitive as this is an api for many of our affiliates to call. I do not want to be adding or removing the url and redeploying the api each time we add or remove an affiliate – Pete Jul 18 '16 at 15:33