Web Api 2 CORS not working with POST

Question

According to asp.net tutorial, we only need following code to enable cors on Web Api application:

var cors = new EnableCorsAttribute("*","*", "*");
config.EnableCors(cors);

Following is my code:

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services  
        var cors = new EnableCorsAttribute("*","*", "*");
        config.EnableCors(cors);

        // Web API routes
        config.MapHttpAttributeRoutes();

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );

        var jsonFormatter = config.Formatters.OfType<JsonMediaTypeFormatter>().First();
        jsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();

        config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));
    }
}

It is working fine for Get, but still it is giving error for Post requests

Following is the error, I am getting on Post:

POST http://api.example.com/token 404 (Not Found) XMLHttpRequest cannot load http://api.example.com/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com' is therefore not allowed access. The response had HTTP status code 404.

Does a non-CORS (same domain) POST request to the same resource succeed? Can we see your controller method? — spender, Aug 24 '15 at 16:39
It is same Domain. Web Api is just the subdomain of main domain, api.mydomain.com. — Usman Khalid, Aug 24 '15 at 16:40
Then var cors = new EnableCorsAttribute("*","*", "*"); config.EnableCors(cors); should work? — Usman Khalid, Aug 24 '15 at 16:43
I'm not even sure you're looking in the right direction. 404 error? Does the route even exist? WebApi routes are case-sensitive... are you sure you shouldn't be hitting `/Token`? ***Please*** show us your controller code/routing. — spender, Aug 24 '15 at 16:55

score 2 · Answer 1 · answered Aug 24 '15 at 16:20

2

You need to add the following to your Web.Config:

<httpProtocol>
   <customHeaders>
     <add name="Access-Control-Allow-Origin" value="*" />
     <add name="Access-Control-Allow-Headers" value="Content-Type" />
     <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
   </customHeaders>
</httpProtocol>

Inside of the System.webServer config node.

answered Aug 24 '15 at 16:20

Mr. B

2,845
1
21
31

New error : The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. Origin 'http://www.example.com' is therefore not allowed access. – Usman Khalid Aug 24 '15 at 16:32
Try removing your code in the Register and run it. If it doesn't work, see the following post http://stackoverflow.com/questions/22343384/the-access-control-allow-origin-header-contains-multiple-values – Mr. B Aug 24 '15 at 16:41
Once the NuGet package is added and CORS is working properly, this will cause the above error due to duplicate Allow-Origin headers being emitted. – Justin Gould Aug 24 '15 at 18:02

score 2 · Answer 2 · answered Aug 24 '15 at 18:01

2

You need to add the Microsoft.AspNet.WebApi.Cors NuGet package to your project before the CORS settings in WebApiConfig will actually work.

answered Aug 24 '15 at 18:01

Justin Gould

691
5
9

Make sure you do NOT also have the stuff in web.config. You need the NuGet package and the stuff in WebApiConfig, but don't need anything telling IIS to do custom headers. – Justin Gould Aug 25 '15 at 17:17

score -1 · Answer 3 · answered Aug 24 '15 at 16:43

-1

Maybe you should write an action for post request in the controller

just like this

public HttpResponseMessage Post()
{
    //Do something here
}

answered Aug 24 '15 at 16:43

Norgerman

79
5

Web Api 2 CORS not working with POST

3 Answers3