Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • JohanO 2 posts 22 karma points
    Feb 21, 2020 @ 09:15
    JohanO
    0

    CORS problem with API. HTTP OPTIONS call returns 405

    Hi,

    I have added a WebAPI to my Umbraco 8 site, by subclassing UmbracoApiController. Calling the WebAPI using Postman works fine, but when calling it from an external web app it fails. I am getting problems with CORS in the browser. It says OPTIONS {myendpoint} 405 (Method Not Allowed) and Access to {myendpoint} has been blocked by CORS policy: Response to preflight request doesn't pass access control check

    I have modified the web.config file to add the headers required by CORS ('Access-Control-Allow-Origin' and 'Access-Control-Request-Headers') and verified with Postman they are correct. In short:

    • HTTP POST {mysite}/umbraco/api/{mystuff} works fine and has correct CORS headers.
    • HTTP OPTIONS {mysite}/umbraco/api/{mystuff} fails with 405.

    Found this code snippet on how to add CORS, but that code is for Umbraco 7 and doesn't even compile for Umbraco 8.

    Any ideas?

  • JohanO 2 posts 22 karma points
    Feb 22, 2020 @ 11:16
    JohanO
    0

    Solved the problem!

    Had to do two things.

    1. Add CORS headers to return in web.config
    2. Add [HttpOptions] header to my controller action.

    web.config

    <configuration>
      ...
      <system.webserver>
        ...
        <httpProtocol>
          <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="*" />
            <add name="Access-Control-Allow-Methods" value="GET, POST, OPTIONS" />
            <add name="Access-Control-Max-Age" value="86400" />
          </customHeaders>
        </httpProtocol>
    

    MyController.cs

    public class MyController : UmbracoApiController
    {
        [HttpPost]
        [HttpOptions]
        public Task<IHttpActionResult> MyMethod()
        {
            ...
        }
    }
    
  • Abanoub Ayaad 9 posts 79 karma points
    May 19, 2021 @ 19:39
    Abanoub Ayaad
    0

    Dear I tried that but not working

  • Huw Reddick 1702 posts 5999 karma points MVP c-trib
    May 19, 2021 @ 20:07
    Huw Reddick
    0

    It may be your call that is the problem

    Have read of this http://www.html5rocks.com/en/tutorials/cors/#toc-types-of-cors-requests

  • Abanoub Ayaad 9 posts 79 karma points
    May 19, 2021 @ 20:14
    Abanoub Ayaad
    0

    Really appreciated for your fast reply , the shared link is useful but I will share my web config

        <add name="Access-Control-Allow-Origin" value="*" />
    
        <remove name="Access-Control-Allow-Credentials" />
    
        <add name="Access-Control-Allow-Credentials" value="true" />
        <remove name="X-Frame-Options" />
        <add name="X-Frame-Options" value="sameorigin" />
        <remove name="X-Content-Type-Options" />
        <add name="X-Content-Type-Options" value="nosniff" />
        <remove name="Strict-Transport-Security" />
        <add name="Strict-Transport-Security" value="max-age=10886400" />
        <remove name="X-XSS-Protection" />
        <add name="X-XSS-Protection" value="1; mode=block" />
      </customHeaders>
    </httpProtocol>
    

    as well I tried adding custom class by registering enableCors public static class WebApiConfig { public static void Register(HttpConfiguration config) { config.EnableCors(new EnableCorsAttribute("*", "", ""));

            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
        }
    }
    

    Also added a data notation over my umbraco api controller [EnableCors("","","*",PreflightMaxAge =200)]

    all of these couldn't help for sorry this issue getting me mad

  • Huw Reddick 1702 posts 5999 karma points MVP c-trib
    May 20, 2021 @ 16:07
  • Abanoub Ayaad 9 posts 79 karma points
    May 20, 2021 @ 19:23
    Abanoub Ayaad
    0

    Really this worked on azure only by enabling cors origin of the app service itself , unfortunately we will pass azure for its expenses and move to smarter asp we deployed on it all get requests are working but remaining post request you can check it by submitting that form with any values open console tab finally thanks for your efforts.

    http://testvue-001-site1.dtempurl.com/RatingForm

  • Huw Reddick 1702 posts 5999 karma points MVP c-trib
    May 20, 2021 @ 19:38
    Huw Reddick
    0

    Although the thread is about azure the processes followed are not azure specific. Either your umbraco setup is incorrect or the way you are calling your API is incorrect, one or the other. We successfully use cors in with an umbracoapi and another site calling it.

  • Abanoub Ayaad 9 posts 79 karma points
    May 20, 2021 @ 19:42
    Abanoub Ayaad
    0

    Would like to mention that local environment working successfully with no problem

  • Huw Reddick 1702 posts 5999 karma points MVP c-trib
    May 20, 2021 @ 19:51
    Huw Reddick
    0

    How are you calling your local setup from an external domain?

    If it isn't working on your server then it is likely an iOS problem if you say it works locally.

  • Abanoub Ayaad 9 posts 79 karma points
    May 20, 2021 @ 19:56
    Abanoub Ayaad
    0

    My local I meant with it, My IIS server website calling it from another site

  • Huw Reddick 1702 posts 5999 karma points MVP c-trib
    May 20, 2021 @ 20:26
    Huw Reddick
    0

    Sorry, I'm not understanding what you are trying to say.

    What works and what doesn't?

    If you have umbraco set up in a local iis website and can call it from another site then it isn't a problem with umbraco.

    If you have it set up on another server in iis and that fails then it is a server issue.

  • Abanoub Ayaad 9 posts 79 karma points
    May 24, 2021 @ 16:38
    Abanoub Ayaad
    0

    For in details clarification MR/Reddick I have an app built with umbraco and act as umbraco API endpoint , on the other hand I have a vue app as frontend app let's head away vue app away it's not our matter . On building the backend app all APIs locally on postman and IIS website are working successfully even "calling it from another website on IIS" then after deployment on azure faced that mentioned issue of CORS preflight error but it's resolved by enabling CORS of azure app service in addition to applying https://piotrbach.com/umbracocms-enable-cors-requests-in-umbracoapicontroller . Cuz of highly expenses on azure we had to move on to any other hosting vendor after trying SmarterAsp that issue has been encountered again even if applying the previous URL steps. Eventually hope to find a reasonable cause for that.

Please Sign in or register to post replies

Write your reply to:

Draft