It looks like your solution just automatically lets everyone in. Would be better if you modified it to show how you could create a whitelist of known domains that were acceptable. Like http://brockall
en.com/2012/06/ 28/cors-support -in-webapi-mvc- and-iis-with-th inktecture-iden titymodel/ Thanks, Paul
Hi , I already download your uploaded project and run it but it did'nt work and it return just error !! what is the problem bro ?
+1 this question.. because it is awesome
I had the same problem with the project (in VS2012), the MvcApp sever returned internal server error for evry request. Adding the CorseHandler.cs handler and adding the proper line in Global.asax.cs (GlobalConfigur
ation.Configura tion.MessageHan dlers.Add(new CorsHandler()); ) worked perfectly for me.
What I meant to say... adding the CoreseHandler.c
s TO MY MVC PROJECT worked. So the problem probably lies in the demo-project set-up, not the code it demonstrates.
Hi I have downloaded your code and I have hosted on IIS server and call it from different browsers (Cross browser), and every time it is giving an error not calling action of controller. Is dere any thing wrong with code sample.
I can see now there is a released version of Web API. Do we need to follow the same process to have CORS enabled in the released version of WebAPI? Is there any link to help for the latest version?
Working on IE 9 w/cookies: Origin: app.foo.com WebApi: app.foo.com:808
0 Not working on FF 19.0.2 with cookies: Origin: app.foo.com WebApi: app.foo.com:808 0 Not Working on FF 19.0.2 with cookies: Origin: app.foo.com WebApi: svc.foo.com Not Working on IE 9 at all, no request made: Origin: app.foo.com WebApi: svc.foo.com Sorry for the multiple posts. Any help would be oh so appreciated. I am using jQuery to make the requests - all GET requests so far. Thanks!!!
I was wrong and right in my earlier question. I can get this to work from IE (cookies and all) if the origin & webapi urls are the same but differ by port. E.g. origin (app.foo.com) webapi (api.foo.com or api.bar.com). Any ideas how or if this can work?
First - great post! I got this to work with IE & FF but FF won't send cookies even though I return Access-Control-
Allow-Credentia ls: true. Any thoughts about if this can work with FF (and eventually Safari & Chrome)? Thanks!
Not sure why you defined constants for Origin, AccessControlRe
questMethod, etc... and then didn't include them in your code example. Makes it pretty confusing for anyone trying to work from the code sample without downloading your whole project.
Hi, I looked at the code sample for CORS support. Its just came to my mind.Do you think there will be any issue with HTTPS ? Thanks for your pointers.
Yes, this should work for HTTPS as well.