2

I'm currently creating an MVC 6 project (beta 8) which includes some APIs. Along with this is an accompanying Word App which talks to these APIs (just GET methods at present), however all my ajax get JSON requests from the Word app result in an 'Error: Access is denied.' message.

After much searching I believe this may be a CORS issue, so I have enabled this in my startup.cs by adding the following into ConfigureServices:

services.AddCors(options =>
        {
            options.AddPolicy("AllowAllOrigins", builder => builder.AllowAnyOrigin());
        });

and then

app.UseCors("AllowAllOrigins");

into Configure, but this makes no difference, I still just receive the access denied message. I've attempted adjusting my CORS options to allow all methods and tried various other options, including adding

[EnableCors("AllowAllOrigins")]

on the actions, but again it makes no difference.

I am running both projects locally and manually navigating to the api via a browser returns the results without a problem, as does my swashbuckler setup.

Am I missing something obvious here?

Peter Davis
  • 21
  • 2
  • May have solved this. My MVC application was running as HTTP but the default office app project in VS2015 is created with SSL enabled. Turning of SSL on the office app now allows me to connect without a problem. – Peter Davis Nov 06 '15 at 22:55

1 Answers1

0

In my experience, some browsers don't allow the wildcard response for allow origin when over an SSL connection (which is what you get when you use AllowAllOrigins). If you need your traffic to go over SSL, you need to respond with a list of allowed origins instead of the wildcard.

This answer has a good approach.

Community
  • 1
  • 1
TylerOhlsen
  • 5,485
  • 1
  • 24
  • 39