i was just looking at this article https://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api to know how we can enable CORS for web api.
the article show how to enable cors. here is code
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// New code
config.EnableCors();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}1) my question is config.EnableCors(); is not capable to enable CORS because article show we need to decorate controller or action
enable cors for single controller.
[EnableCors(origins:"http://www.example.com", headers:"*", methods:"*")]publicclassItemsController:ApiController{publicHttpResponseMessageGetAll(){...}publicHttpResponseMessageGetItem(int id){...}publicHttpResponseMessagePost(){...}[DisableCors]publicHttpResponseMessagePutItem(int id){...}}
Enable cors for single action.
public class ItemsController : ApiController
{
public HttpResponseMessage GetAll() { ... }
[EnableCors(origins: "http://www.example.com", headers: "*", methods: "*")]
public HttpResponseMessage GetItem(int id) { ... }
public HttpResponseMessage Post() { ... }
public HttpResponseMessage PutItem(int id) { ... }
}guide me about this syntax
[EnableCors(origins: "http://www.example.com", headers: "*", methods: "*")]
origins: url : do i need to provide here any valid url or any url ?
what is the meaning of headers: "*", methods: "*"
thanks