0

I have a set of webapi which accepts cross domain requests. So, I have these customheaders setup in web.config

<customHeaders>
    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Headers" value="*" />
    <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
  </customHeaders>

This has been working fine with cross domain request for a long time.

Now, I added a new method for an web api endpoint to accept file uploads. I tried to call this webapi from a different domain, and I get a "405 method not allowed" response from the server. The request method is OPTIONS.

Now before anyone closes this as duplicate, let me clarify that I have seen examples with other approach like EnableCors attributes. So, my question is not how to accept cross domain requests. As already mentioned above, I have been accepting cross domain request on other endpoints for quite sometime.

My questions are: a) Why is the call to this particular endpoint (with OPTIONS method request) ending in a 405 error, while other endpoints work fine? (please note that "Access-Control-Allow-Methods" value has OPTIONS included in value). b) how to resolve this problem, and get the api call to go successfully? (without going for other approaches like enablecors atribute)

maX
  • 788
  • 2
  • 11
  • 32
  • try with I think the wildcard for this header is not supported on certain browsers – J.Loscos May 30 '18 at 08:29
  • no, that does not work. – maX May 30 '18 at 09:23
  • I found this stackoverflow question (https://stackoverflow.com/questions/13624386/handling-cors-preflight-requests-to-asp-net-mvc-actions/13646169#13646169) which closely resembles my problem, the solutions does not work. I can see that the browser sends OPTION method request. But the server sends "The requested resource does not support http method 'GET'.". why is it that the server thinks it is a get request? – maX May 30 '18 at 10:01

0 Answers0