Hi folks,
I realize that this question seems to come up very, very frequently. I assure you that I've gone through each one and tried many of the suggested solutions. One solution did seem to get me to a "working" state, but it does not seem like it addressed the actual underlying issue, but instead somehow worked around it. So, let me just explain my scenario and what I've tried and maybe we can figure this out and come up with a solution to whatever the true underlying issue here is.
I'm writing an AspNet WebApi application that will be served up by IIS. My application is currently using convention based routing, as opposed to attribute routing. My application needs to handle CORS pre-flight requests (OPTIONS). I've installed the required Microsoft.AspNet.WebApi.Cors package, from Nuget. Below are the versions of the AspNet packages that I'm using ...
<package id="Microsoft.AspNet.Cors" version="5.2.4" targetFramework="net461" /><package id="Microsoft.AspNet.WebApi" version="5.2.3" targetFramework="net461" /><package id="Microsoft.AspNet.WebApi.Client" version="5.2.4" targetFramework="net461" /><package id="Microsoft.AspNet.WebApi.Core" version="5.2.4" targetFramework="net461" /><package id="Microsoft.AspNet.WebApi.Cors" version="5.2.4" targetFramework="net461" /><package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.3" targetFramework="net461" />
Based on my reading, the Microsoft.AspNet.WebApi.Cors package is supposed to add support for handling CORS pre-flight requests. This means I won't have to add manual OPTIONS action methods, etc - the nuget package brings that for me. So, I've configured the package so that it enables CORS for all available controllers, based on a commonly referenced blog post. To my understanding, this should be all that is needed for my application to begin responding to OPTIONS requests. Below is my configuration for completeness sake - it shows that I also configure some other things ...
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
var jsonMapping = new RequestHeaderMapping("Accept", "text/html", System.StringComparison.OrdinalIgnoreCase, true, "application/json");
var corsAttribute = new EnableCorsAttribute("*", "*", "*");
config.Formatters.JsonFormatter.MediaTypeMappings.Add(jsonMapping);
config.Services.Replace(typeof(IFilterProvider), new UnityFilterProvider(UnityConfig.Container));
config.EnableCors(corsAttribute);
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}Lastly, I've seen some reference to some items in the web.config regarding the OPTIONSVerbHandler. Mine is left at whatever the default value is, which is shown below ...
<system.webServer><handlers><remove name="ExtensionlessUrlHandler-Integrated-4.0" /><remove name="OPTIONSVerbHandler" /><remove name="TRACEVerbHandler" /><add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" /></handlers></system.webServer>
Finally, with all of these items in place, it appears that my application still fails to handle OPTIONS requests. Using postman, I simply send an OPTIONS request to any of my endpoints and regardless of endpoint I receive the following 405 response ...
Allow →POST
Cache-Control →no-cache
Content-Length →76
Content-Type →application/json; charset=utf-8
Date →Wed, 14 Feb 2018 20:50:14 GMT
Expires →-1
Pragma →no-cache
Server →Microsoft-IIS/10.0
X-AspNet-Version →4.0.30319
X-Powered-By →ASP.NET
X-SourceFiles →=?UTF-8?B?QzpcVXNlcnNccmNvbGVcRG9jdW1lbnRzXFZpc3VhbCBTdHVkaW8gMjAxN1xQcm9qZWN0c1xQb3J0YWwuUkVTVFxQb3J0YWwuUkVTVFxhY2NvdW50XGF1dGhlbnRpY2F0ZQ==?=
{"Message":"The requested resource does not support http method 'OPTIONS'."}Here's some of the things I've tried to fix this ...
- I tried removing the OPTIONSVerbHandler from web.config, which seemed to make no change.
- I tried explicitly putting EnableCorsAttribute on individual action methods and controllers, which seemed to make no change.
- I explicitly put HttpOptionsAttribute on an action method, which seemed to fix the issue. This seems like the incorrect approach, though, as that attribute is for saying that action method is for handling OPTIONS requests, which is not at all what I want. I thought Microsoft.AspNet.WebApi.Cors package brings its own OPTIONS handler.
So, after spending the past two days googling, trying various things, sleeping it on and trying again ... I'm unable to figure this out without a bit of help - I'm stuck.
Does anybody know what could be causing this issue? It doesn't seem like my Microsoft.AspNet.WebApi.Cors package is correctly wired up, or doing anything. The response has no CORS headers in it. It looks like AspNet doesn't think it has any OPTIONS handler in place, despite me enabling it in my configuration.
Any help is appreciated! Thanks!