in preflight request wich codes should use authorization errors?
i mean, can have 2 different unauthorized error:
- user can't run preflight (options method handled - think should not use 405 - user not authorized ask options)
- user not have rights call requested method (specified access-control-request-method)
i had similar setup showing 405 errors , 500 errors attempting cors running on web service. fix needed response.end() call if request pre-flight options method. web.config web handlers found in cors documentation fine, long options included in list of allowed calls. did not need move of customer handlers code.
basically, fix/setup includes 1 major fix in applicationonbeginrequest handler:
private void applicationonbeginrequest( object sender, eventargs eventargs ) { ... if ( context.request.httpmethod == "options" ) response.end(); } and these handlers in web.config:
<system.webserver> <!--other handlers/modules ...--> <httpprotocol> <customheaders> <clear /> <add name="access-control-allow-origin" value="*" /> <add name="access-control-allow-credentials" value="true" /> <add name="access-control-allow-headers" value="content-type,accept" /> <add name="access-control-allow-methods" value="get,post,put,delete,options" /> </customheaders> </httpprotocol> </system.webserver> 
Comments
Post a Comment