0

It shows error

Got this error when we call API on Remote Acess server from VPN.

We already mentioned in API's web config below code:

 <bindings>
  <webHttpBinding>
    <binding name="webWinBinding" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Windows" />
      </security>
      <readerQuotas maxArrayLength="100000" maxStringContentLength="2147483647" />
    </binding>
 ........ 
........

   <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="http://localhost:58319" />
        <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept, Authorization" />
        <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
        <add name="Access-Control-Allow-Credentials" value="true" />
      </customHeaders>
    </httpProtocol>

still getting an error when we call API.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://test/service1.svc/User/GetLogin. (Reason: CORS preflight channel did not succeed).

We search some google link, but no luck, my question is can we add code to bypass the security or support the security which calls web API in Chrome.

Trivedi Richa
  • 9
  • 2
  • you wana to compromise the api cross origin security? – geminiousgoel Jun 06 '17 at 11:21
  • No, we are not able to touch the web API, in IE code works, but Chrome gives 401 'unauthorized' related error. the question is any code for chrome that hit the web API, right now it through error without post web API. , see in the console. – Trivedi Richa Jun 06 '17 at 11:48

0 Answers0