0

Hello I am using this method to read this api it giving CORS error. I have added CORS plugin with chrome then also it is not coming. Please let me know how to solve these to error.

text:

 function NoCors() {
        debugger;
        var uName = "*****";
        var passwrd = "*****";
        document.write("Enter1");
        var url = 'http://219.90.67.163:8207/api/Info/getgismeterdata'
        $.ajax({
            type: 'GET',
            url: url,
            crossDomain: true,
            //Access-Control-Allow-Credentials: true,
            contentType: 'json',
            datatype: "application/json",
            headers: {
                "Authorization": "Basic QXBpVXNlcjpBcGlQYXNz",
            },

            beforeSend: function (xhr) {
                xhr.setRequestHeader('Authorization', "Basic " + btoa(uName + ":" + passwrd));
            },
            success: function (data) {
                debugger;
                console.log("data")
                //Success block 
            },
            error: function (xhr, ajaxOptions, throwError) {
                //Error block 
            },
        });
    }

error in console: 1. Failed to load resource: the server responded with a status of 405 (Method Not Allowed) 2. Access to XMLHttpRequest at 'http://219.90.67.163:8207/api/Info/getgismeterdata' from origin 'http://localhost:50362' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

Diksha Bandil
  • 1
  • 1
  • have a look at https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api – Abid Hussain Nov 15 '18 at 08:48
  • `contentType: 'json',` — That is not a valid value for `contentType` which you shouldn't be setting at all because you are making a GET request. – Quentin Nov 15 '18 at 09:38
  • `datatype: "application/json",` — The property is called `dataType` with a capital `T` and `application/json` is not a valid value for it. You probably mean `"json"`. – Quentin Nov 15 '18 at 09:38
  • You have `headers` and `xhr.setRequestHeader`: Pick **one**! – Quentin Nov 15 '18 at 09:41
  • `crossDomain: true` — This is pointless unless you are making a *same origin* request which gets **redirected** to a different origin. – Quentin Nov 15 '18 at 09:42

3 Answers3

0

Before sending the GET request to server, browser automatically send and preflight OPTIONS request, and your server doesn't allow this method. You need to enable OPTIONS method support in your server side (219.90.67.163)

Quy Nguyen
  • 68
  • 9
0

  1. Are you use Bearer Token Authentication? requst headers try this

    headers: { "Authorization": "Bearer QXBpVXNlcjpBcGlQYXNz", },

  2. You must setting CORS in Web API

https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api

Homura Lin
  • 116
  • 1
  • 6
0

The CORS plugin you are using only works for Simple Requests.

Since you are setting an Authorization header you are making a Preflighted Request which your plugin cannot handle.

You need a different approach to handling the Same Origin Policy. Ideally, that would be proper support for CORS on the server you are making the HTTP request to but some other options are listed at the end of this answer.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335