-1

I have a C# WebApi server and in this project, I have enabled cors in my WebAPiConfig.cs

 var cors = new EnableCorsAttribute(
        origins: "*",
        headers: "*",
        methods: "*"   );
        cors.SupportsCredentials = true;
        config.EnableCors(cors);

In my angular service, I set the HTTP headers like this

getRouteGeneralTable(routeType: string, pattern: string): Observable<DBrow[]> {
    const httpHeader = new HttpHeaders({
        'Content-Type': 'application/json',
        'withCredentials': 'true',
        'Access-Control-Allow-Origin':'*',
        'Accept': 'application/json',
        'Access-Control-Allow-Credentials': 'true',
        'Access-Control-Allow-Methods': 'POST, GET, OPTIONS, PUT'
    });
    return this.http.get<DBrow[]>(this.baseURL + 'getgeneralroutedata/' + routeType + '/' + pattern, {headers: httpHeader} )
        .pipe(
    retry(3),
    catchError(this.handleError)
    );

}

I'm getting these errors when trying to do a get request:

Access to XMLHttpRequest at  SOMEADDRESS from origin 'http://localhost:4200' has 
been blocked by CORS policy: Response to preflight request doesn't pass 
access control check: No 'Access-Control-Allow-Origin' header is present on 
the requested resource.

How can I fix it, please?

Dale K
  • 25,246
  • 15
  • 42
  • 71
hagaip
  • 51
  • 7
  • Possible Duplicate: https://stackoverflow.com/questions/53087341/the-access-control-allow-origin-header-has-a-value-http-localhost4200-tha/53683422 – Saddam Pojee Dec 16 '18 at 08:52
  • @SaddamPojee I tried it, I dont want to use proxy because it has no security. – hagaip Dec 16 '18 at 09:00
  • Try dropping the entire '{headers: httpHeader}' from your request and see what happens. The code that sets that httpHeader value is wrong in multiple ways: (1) 'withCredentials' isn’t a header name, (2) all the Access-Control-Allow-\* headers are response headers, not request headers, (3) it makes not sense to set the Content-Type header for a GET request — because GET requests have no request body. – sideshowbarker Dec 16 '18 at 09:12
  • @sideshowbarker removed it and the first get request works !! but the second get request I have doesn't work. I also removed the headres from it but Im getting No 'Access-Control-Allow-Origin' header is present on the requested resource. – hagaip Dec 16 '18 at 09:57

1 Answers1

0

Add the following to your Web.Config file:

<system.webServer>
  <httpProtocol>
    <customHeaders>
     <add name="Access-Control-Allow-Origin" value="*" />
     <add name="Access-Control-Allow-Headers" value="Content-Type" />
     <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
     <add name="Access-Control-Allow-Credentials" value="true" />
    </customHeaders>  
  </httpProtocol>
</system.webServer>
Rami Assi
  • 910
  • 2
  • 10
  • 19
  • now im getting this, and I tried to change Origin to the backend url Access to XMLHttpRequest at 'ADDRESS' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute. – hagaip Dec 16 '18 at 09:15
  • Did you set the Access-Control-Allow-Origin value to your client app URL? `http://localhost:4200` for example – Rami Assi Dec 16 '18 at 09:42
  • yes I did, now im getting this eror 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status. – hagaip Dec 16 '18 at 09:47