2

I am currently scratching my head because when I attempt to post data my browser (chrome) automatically sends an OPTIONS request, but this request gets 401'd by IIS express (local dev in Visual Studio). The problem was intermittent, but now it seems it happens always and I have 0 clue what is causing it.

When I tried to solve the problem for myself though I got weird results... I turn fiddler on and all a sudden the OPTIONS requests go through without an issue.. The only diference in the request are as follows:

(OPTIONS HEADER WITHOUT FIDDLER)

OPTIONS /api/users/skill HTTP/1.1
Host: localhost:65121
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: PUT
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

I am using the tag < this is different> for when information in the header is different, i.e.

<this is different>the header info here has changed</this is different>

(OPTIONS HEADER WITH FIDDLER)

OPTIONS <this is different>http://localhost:65121</this is different>/api/users/skill HTTP/1.1
Host: localhost:65121
<this is different>Proxy-</this is different>Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Access-Control-Request-Method: PUT
Origin: http://localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
Access-Control-Request-Headers: accept, content-type
Accept: */*
Referer: http://localhost:3000/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

The only difference in the two requests is that for what ever reason the API call through the proxy has a diferent header used for the Connection and it sends the fully qualified address as a part of the options request. Although that being said, both do goto the API's port.

Has anyone ever experienced this or have any idea why putting a proxy in the middles breaks it?

web.config -> http://pastebin.com/CgWVzAvm

Jonathan Leffler
  • 730,956
  • 141
  • 904
  • 1,278
Michael Crook
  • 1,520
  • 2
  • 14
  • 37
  • What are you trying to do with the API? `OPTIONS` is used to ask the server what methods are allowed (and as far as I'm aware it's very rarely used). How are you creating this request in the browser? Are you specifically wanting to use `OPTIONS`? (or are you actually trying to do `GET`/`POST`/etc?) – Rob Mar 21 '16 at 00:35
  • I am making an AJAX call from Angular's HTTP module. As it is a POST request to an origin that doesn't match that which served the HTML the browser automatically sends out an OPTIONS request. My API server for some reason (to the best of my research) is declining the OPTIONS call as it doesn't contain Auth headers, but I cannot add auth headers as the specifications + chrome implementation do not allow for it. – Michael Crook Mar 21 '16 at 02:08

2 Answers2

0

Please check if the PUT verb is enabled on your IIS server. In IIS server by default, verbs like put,delete will be disabled.
For enabling the verbs

Try to use post verb for the same method and see if it passes.

Community
  • 1
  • 1
kranthiv
  • 174
  • 1
  • 1
  • 8
-1

Had the same issue when proxying requests to bitbucket server.

For me the solution was to remove the Origin header.

Mist
  • 913
  • 6
  • 11