1

I am trying to access REST service hosted on console application from ajax GET/POST. As there will be different ports used in two applications , I have configured REST service to handle cross origin requests. I have tried every available solution , still I am unable to access the service from ajax and getting 405.

I am sharing Raw request-response stream captured by http analyser.

OPTIONS /Service/Contacts?_145***************** HTTP/1.1
Accept: */*
Origin: http:localhost:1053
Access-Control-Request-Method: GET
Access-Control-Request-Headers: access-control-allow-origin, access-control-allow-methods
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: bhawesh-pc:8000
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 405 Method Not Allowed
Allow: POST, GET
Content-Type: text/html; charset=UTF-8
Server: Microsoft-HTTPAPI/2.0
Access-Control-Allow-Origin: *
Access-Control-Request-Method: POST,GET,PUT,DELETE,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Date: Tue, 05 Jan 2016 17:57:44 GMT
Content-Length: 1565

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Service</title>
    <style>BODY { color: #000000; background-color: white; font-family: Verdana; margin-left: 0px; margin-top: 0px; } #content { margin-left: 30px; font-size: .70em; padding-bottom: 2em; } A:link { color: #336699; font-weight: bold; text-decoration: underline; } A:visited { color: #6699cc; font-weight: bold; text-decoration: underline; } A:active { color: #336699; font-weight: bold; text-decoration: underline; } .heading1 { background-color: #003366; border-bottom: #336699 6px solid; color: #ffffff; font-family: Tahoma; font-size: 26px; font-weight: normal;margin: 0em 0em 10px -20px; padding-bottom: 8px; padding-left: 30px;padding-top: 16px;} pre { font-size:small; background-color: #e5e5cc; padding: 5px; font-family: Courier New; margin-top: 0px; border: 1px #f0f0e0 solid; white-space: pre-wrap; white-space: -pre-wrap; word-wrap: break-word; } table { border-collapse: collapse; border-spacing: 0px; font-family: Verdana;} table th { border-right: 2px white solid; border-bottom: 2px white solid; font-weight: bold; background-color: #cecf9c;} table td { border-right: 2px white solid; border-bottom: 2px white solid; background-color: #e5e5cc;}</style>
  </head>
  <body>
    <div id="content">
      <p class="heading1">Service</p>
      <p>Method not allowed.</p>
    </div>
  </body>
</html>

REST service configuration are based on http://enable-cors.org/server_wcf.html and http://www.khalidabuhakmeh.com/rest-http-verbs-and-iis-express

Bhawesh Paliwal
  • 85
  • 1
  • 3
  • 9
  • 1
    Does your service handle `OPTIONS` requests? – 1.618 Jan 05 '16 at 18:42
  • As @1.618 alludes to, it seems like you’re seeing that message because your browser is sending an `OPTIONS` request to that service as part of a [CORS preflight](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests), but the service does not support `OPTIONS` requests. (And the reason your browser is sending a CORS preflight `OPTIONS` request is that per [the spec where CORS is defined](https://fetch.spec.whatwg.org/), the nature of your original request is such that it requires a CORS preflight.) – sideshowbarker Jan 06 '16 at 04:17
  • Response headers Access-Control-Allow-Origin: *,Access-Control-Request-Method: POST,GET,PUT,DELETE,OPTIONS ,Access-Control-Allow-Headers: X-Requested-With,Content-Type were set programmatically on service end as mentioned in links. Please Suggest what else I need to do. – Bhawesh Paliwal Jan 06 '16 at 05:01
  • 1
    Create a method in your service contract with `[WebInvoke(Method="OPTIONS", UriTemplate="*")]`. The implementation can have an empty body. – 1.618 Jan 06 '16 at 21:06

2 Answers2

0

This is not a valid HTTP GET request:

Access-Control-Request-Method: GET
Access-Control-Request-Headers: access-control-allow-origin, access-control-allow-methods
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: bhawesh-pc:8000
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Content-Length: 0

The first line of a GET request should be:

GET /wanted_resource HTTP/1.1

So, if the server looks at the requested method at the beginning of the header, it sees this:

Access-Control-...

and will return a 405 Method Not Allowed.

Also, with GET, no Content-Length header is needed. It is better to remove that line.

Danny_ds
  • 11,201
  • 1
  • 24
  • 46
  • I doubt the OP meant that `Access-Control-Request-Method: GET` was the first line of the body of the HTTP GET request being sent. Instead it seems like that part of the question is just indicating which request headers were sent. – sideshowbarker Jan 06 '16 at 04:19
  • Thank you both.. I missed three lines. I have corrected now. – Bhawesh Paliwal Jan 06 '16 at 04:53
0

I resolved the problem by these guidelines :

Try to avoid preflight request more Information ( In my case , I removed custom headers from request.)

Do not set withCredentials property to true in client request if you have set Access-Control-Allow-Origin : * on service.

But , this solves only GET request problem. In the POST , I was getting the same problem , but this solution worked like magic.

Community
  • 1
  • 1
Bhawesh Paliwal
  • 85
  • 1
  • 3
  • 9