WCF CORS issue

Last Reply 9 days ago By dharmendr

Posted 9 days ago

I am creating WCF Restful Services to be consumed in my mobile application.

I have 2 solutions first one is for WCF services and second one is for mobile application.

When I deployed my WCF services on my live server it shows this on Ajax call

“Response to preflight request doesn't pass access control check: It does not have HTTP ok status”

WCF projects contains only 2 method, one is GET method and second one is POST.

GET request is working fine but CORS error is showing on POST method. When I am testing this on my local machine whole projects works fine. I have tried few solutions, but nothing works like adding these keys on my WCF config file

 

<httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Credentials" value="true" />
        <add name="Access-Control-Allow-Headers" value="Accept, Content-Type, Content-Version, X-Requested-With" />
        <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH" />
        <add name="Access-Control-Max-Age" value="1728000" />
      </customHeaders>
    </httpProtocol>

 

And by creating my own end point by reading this article

http://developers-club.com/posts/219895/

 

I also tried following code in GLOBAL.asax file but it seems global.asax file not working after publishing my WCF solution.

 

 

protected void Application_BeginRequest(object sender, EventArgs e)
        {
            
            var request = HttpContext.Current.Request;
            var response = HttpContext.Current.Response;
            var origin = request.Headers["Origin"];

            if (origin != null)
            {
                response.AddHeader("Access-Control-Allow-Origin", origin);
                response.AddHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
                response.AddHeader("Access-Control-Allow-Headers", "Content-Type, X-Requested-With");
                response.AddHeader("Access-Control-Allow-Credentials", "true");
                if (request.HttpMethod == "OPTIONS")
                {
                    response.End();
                }
            }
        }

 

Here is my calling method

 

$.ajax({
                url: "http://***/Service1.svc/GetCustomers",
                cache: false,
                type: "POST",
                crossDomain: true,
                data: JSON.stringify({ "name": "ATIF REHMAT" }),
                contentType: "application/json; charset=utf-8",
                dataType: "json",
                success: function (data) {
                    $("#data").html(JSON.stringify(data));
                },
                error: function (XMLHttpRequest, textStatus, errorThrown) {
                    $("#data").html(JSON.stringify(XMLHttpRequest) + "<br>" + textStatus + "<br>" + errorThrown);

                }

            });

 

And here is the service

 

[WebInvoke(Method = "POST", BodyStyle = WebMessageBodyStyle.Wrapped, ResponseFormat = WebMessageFormat.Json)]
        public string GetCustomers(string name)
        {
            return name;
        }

 

atifrehmat has viewed this question 9 days ago.

Posted 9 days ago

Ok I have tried the web config one it gives me this error

"Access to XMLHttpRequest at 'http://localhost:52698/Service1.svc/GetCustomers' from origin 'http://localhost:50221' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status."

 

 

<httpProtocol>
      <customHeaders>
        <add name="Access-Control-Allow-Headers" value="accept, content-type" />
        <add name="Access-Control-Allow-Origin" value="http://localhost:50221" />
        <add name="Access-Control-Allow-Methods" value="POST, GET, OPTIONS" />
      </customHeaders>
    </httpProtocol>

 

and by adding code in global asax its shows

"Failed to load resource: the server responded with a status of 400 (Bad Request)"

 

 

protected void Application_BeginRequest(object sender, EventArgs e)
        {
            var context = HttpContext.Current;
            var response = context.Response;

            // enable CORS
            response.AddHeader("Access-Control-Allow-Origin", "*");

            if (context.Request.HttpMethod == "OPTIONS")
            {
                response.AddHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
                response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
                response.End();
            }

        }