Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Alex Skrypnyk 5772 posts 21986 karma points MVP 4x admin c-trib
    Aug 11, 2020 @ 18:20
    Alex Skrypnyk
    0

    I'm trying to enable CORS with Umbraco 7.1.8

    Is it possible to make it work without Upgrading Umbraco to 7.3?

    In 7.3 MVC5 and webAPI2

    Thanks,

    Alex

  • Anders Bjerner 443 posts 2545 karma points MVP 4x admin c-trib
    Aug 11, 2020 @ 21:51
    Anders Bjerner
    100

    Hi Alex,

    It this for your own custom WebAPI controllers? Then there are a couple of options that should do the trick.

    1. In the system.webServer section of your main Web.config file, you can add the following:

    <httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
      </customHeaders>
    </httpProtocol>
    

    I can't remember how many of these elements are there by default when you install Umbraco 7.1.8, so httpProtocoland customHeaders may already be there - so make sure to not add them twice.

    A downside with this approach is that it will apply to all responses.

    2. You can add the header manually. Eg. something like:

    HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", "*");
    

    This may not work depending how your controller is implemented. Accessing the HTTP context via the static Current property should also generally be avoided, but it is sometimes just the hack you need to get things working.

    If you add this in the start of your controller method, it will only apply to responses from that particular method.

    3. Personally I prefer to put an attribute in the controller class or method. In SPA/Headless package, we have this useful attribute:

    https://github.com/skybrud/Skybrud.Umbraco.Spa/blob/master/src/Skybrud.Umbraco.Spa/Attributes/AccessControlAllowOriginAttribute.cs

    With this attribute, usage could be something like:

    using System.Web.Http;
    using Umbraco.Web.WebApi;
    
    
    [AccessControlAllowOrigin]
    public class MyController : UmbracoApiController {
    
        [HttpGet]
        public object Update() {
    
            return new { yay = true };
    
        }
    
    }
    

    Or:

    using System.Web.Http;
    using Umbraco.Web.WebApi;
    
    
    public class MyController : UmbracoApiController {
    
        [HttpGet]
        [AccessControlAllowOrigin]
        public object Update() {
    
            return new { yay = true };
    
        }
    
    }
    

    In the first example where the attribute is added to the class, the header will automatically be added to responses from all the methods in your controller class.

    In the second example, the attribute is instead added to the method, so the header will only be added to responses from that particular method.



    There are some other approaches as well, but without having seen your code, these are the ones that come to mind. I would recommend the third approach as it IMO gives the cleanest code and best flexibility.

Please Sign in or register to post replies

Write your reply to:

Draft