I am trying to get all types of requests to work with Nancy and CORS. Currently I add a pipeline at the end of the request:
pipelines.AfterRequest.AddItemToEndOfPipeline((ctx) => ctx.Response
.WithHeader("Access-Control-Allow-Origin", "http://localhost:57515")
.WithHeader("Access-Control-Allow-Methods", "POST, GET, DELETE, PUT, OPTIONS")
.WithHeader("Access-Control-Allow-Headers", "Accept, Origin, Content-type")
.WithHeader("Allow", "POST, GET, DELETE, PUT, OPTIONS"))
The options request comes back with a status code of 200, which leads me to believe that it executed fine, but for any type of request other than OPTIONS it fails with 405 Method Not Allowed. Is there anything else that I need to do either client side or server side in order to get this to work?
The client side library I am using is backbone.
Thanks in advance.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
I don’t think you need to specify OPTIONS as an allowed CORS method. I’ve never seen that set, and I’ve never set it myself. Browsers don’t complain.
Otherside I have a similar setup as you in my :
public abstract class MyModule : NancyModule
protected MyModule(bool hasRazorView = true)
After.AddItemToEndOfPipeline((ctx) => ctx.Response
.WithHeader("Access-Control-Allow-Origin", "*")
.WithHeader("Access-Control-Allow-Methods", "POST,GET")
.WithHeader("Access-Control-Allow-Headers", "Accept, Origin, Content-type"));
. . . .
}
}
In my case, the CORS get sent on my GET and POST, but not the OPTIONS. I overrode the default OPTIONS handling with Options["/"] = route => new Response(). That let the rest of the pipeline fire.
Method 2
I find it nicer to handle CORS headers in IIS rewriter rules this is sample rewrite webconfig section which does that:
<rewrite>
<outboundRules>
<rule name="Set Access Control Allow Origin Header" preCondition="Origin header">
<match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern="(.*)" />
<action type="Rewrite" value="{HTTP_ORIGIN}" />
</rule>
<rule name="Set Access Control Allow Headers Header" preCondition="Origin header">
<match serverVariable="RESPONSE_Access-Control-Allow-Headers" pattern="(.*)" />
<action type="Rewrite" value="Content-Type" />
</rule>
<rule name="Set Access Control Allow Methods Header" preCondition="Origin header">
<match serverVariable="RESPONSE_Access-Control-Allow-Method" pattern="(.*)" />
<action type="Rewrite" value="POST,GET,OPTIONS" />
</rule>
<rule name="Set Access Control Allow Credentials Header" preCondition="Origin header">
<match serverVariable="RESPONSE_Access-Control-Allow-Credentials" pattern="(.*)" />
<action type="Rewrite" value="true" />
</rule>
<preConditions>
<preCondition name="Origin header" logicalGrouping="MatchAny">
<add input="{HTTP_ORIGIN}" pattern="(http://localhost$)" />
<add input="{HTTP_ORIGIN}" pattern="(http://.*.YOURDOMAIN.com$)" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
Remember to install IIS rewrite module: http://www.iis.net/downloads/microsoft/url-rewrite
Method 3
On .NET Core, I was able to pass through CORS using the code below in the Configure method:
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public virtual void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddConsole(Configuration.GetSection("Logging"));
loggerFactory.AddDebug();
// Shows UseCors with CorsPolicyBuilder.
app.UseCors(builder =>
builder.WithOrigins(new[] { "http://localhost:4200" }).AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
);
app.UseOwin(a => a.UseNancy(b => b.Bootstrapper = new NancyBootstrap(this.Container)));
}
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0