Skip to main content

Configuring CORS in IIS - Response to preflight request doesn't pass access control check: It does not have HTTP ok status

The Access-Control-Allow-Origin Header Explained – With a CORS Example Often times when calling an API, you may see an error in your console that looks like this: 
 
Access to fetch at 'http://somesite.com' from origin 'http://yoursite.com' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value that is not equal to the supplied origin


Add following in 
 
<system.webServer> 
 <httpProtocol> 
 <customHeaders> 
  <add name="Access-Control-Allow-Methods" value="*" /> 
  <add name="Access-Control-Allow-Origin" value="*" /> 
  <add name="Access-Control-Allow-Headers" value="*" /> 
 </customHeaders> 
 </system.webServer>
After adding the above code in web.config, received the following error in response. 
 
 .... Has been blocked by CORS policy: Response to preflight request
  doesn’t pass access control check: it does not have http ok status

  You may still need to remove the default IIS OPTIONSVerbHandler, then add the OPTIONS verb to appropriate handler(s) to allow the requests to get to your api. then removing/commenting the following "OPTIONSVerbHandler" handler line //This line was not documented on Microsoft website > 
 
  <!--<remove name="OPTIONSVerbHandler" />-->
or changing it with the following:   
 
   <add name="OPTIONSVerbHandler" path="*" verb="OPTIONS"
  modules="ProtocolSupportModule" requireAccess="None"
  responseBufferLimit="4194304" />

// For me it worked without adding the following code in Web API. but for the safe side ...   Then in the Global.asax file, add the following method: 
 
 protected void Application_BeginRequest(object sender, EventArgs e) 
 { 
  if (HttpContext.Current.Request.HttpMethod == "OPTIONS") 
  { 
    HttpContext.Current.Response.Flush(); 
  } 
 }
Labels:

Comments

Post a Comment

Popular posts from this blog

Call User-defined Function on Linked Server :SQL Server

If you try to invoke a user-defined function (UDF) through a linked server in SQL Server by using a "four-part naming" convention (server.database.dbo.Function), you may receive error message.  The reason is User-defined function calls inside a four-part linked server query are not supported in SQL Server. Thats why error message indicates that the syntax of a Transact-SQL statement is incorrect.  To work around this problem, use the Openquery function instead of the four-part naming convention. For example, instead of the following query Select * from Linked_Server.database.dbo.Function(10) run a query with the Openquery function: Select * from Openquery(Linked_Server,'select database.dbo.Function(10)') If the user-defined function takes variable or scalar parameters, you can use the sp_executesql stored procedure to avoid this behavior.  For example: exec Linked_Server.database.dbo.sp_executesql N'SELECT database.dbo.Function(@input)',N'@input...
10 comments
Read more

Truncate a SQL Server log file (Reduce the size of an LDF file)

I have been doing database administration and have been asked several times to reduce the size of database files. The actual mdf file is small, 3MB, but the LDF file is 10GB !! I have read about the DBCC SHRINKFILE command and tried this, but the file has stayed at 10GB even though it said the command executed fine. I've also tried using the wizard in SQL Server to reduce the LDF to a specified file size (800MB), this also failed to change the size even though it gave me the impression it had worked and was successful via the wizard. The best thing I found is to change the recovery mode of database to RECOVERY SIMPLE before executing the SHRINKFILE command. After that change back the recovery mode to FULL . ALTER DATABASE ExampleDB SET RECOVERY SIMPLE DBCC SHRINKFILE('ExampleDB_log', 0, TRUNCATEONLY) ALTER DATABASE ExampleDB SET RECOVERY FULL Happy Coding :)
Post a Comment
Read more

Pass multiple complex objects to Web API action

Working with ASP.NET Web API, the most unexpected thing is the limited support of POST data values to simple ApiController methods. When a parameter has [FromBody], Web API uses the Content-Type header to select a formatter. At most one parameter is allowed to read from the message body. The reason for this rule is that the request body might be stored in a non-buffered stream that can only be read once. A simple principle, you can send any content in HTTP request, it only need to be serializable into a string. So, it could be multiple JSON object. In this example, the content type is "application/json" and the request body is a raw JSON string (not a JSON object). Here I found a workaround to pass multiple complex objects (using the above principle) from jquery to a WEB API using JObject , and then cast back to your required specific object type in api controller. This objects provides a concrete type specifically designed for working with JSON. var customer = { ...
Post a Comment
Read more