Origin http://localhost is not allowed by Access-Control-Allow-Origin

I’m trying to call a webservice from my local machine. But the I get the following errors in Chrome console:
http://www.test.com/service.svc/api/?cid=1 405 (Method Not Allowed)
XMLHttpRequest cannot load http://www.test.com/service.svc/api/?cid=1.
Origin http://localhost is not allowed by Access-Control-Allow-Origin.

My local test URL is:

When I upload my code to the actual domain and call the webservice from there, it does work ofcourse.

I’ve already tried to change the access control headers, but that doesnt help.

Namespace RestService

Public Class service
    Implements Iservice

    Public Function GetProvinces(ByVal cid As String) As AjaxControlToolkit.CascadingDropDownNameValue() Implements Iweddingservice.GetProvinces
        WebOperationContext.Current.OutgoingResponse.Headers.Add("Access-Control-Allow-Methods", "DELETE, POST, GET, OPTIONS")
        WebOperationContext.Current.OutgoingResponse.Headers.Add("Access-Control-Allow-Origin", "*")

        Dim MyConnection As SqlConnection = GetConnection()
        Dim cmd As New SqlCommand("SELECT provinceid,title FROM provinces WHERE <a href="https://getridbug.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="d497bba1baa0a6ad9d90e99497bba1baa0a6ad9d90">[email protected]</a> ORDER BY title ASC", MyConnection)
        cmd.Parameters.Add(New SqlParameter("@CountryID", cid))
        Dim values As New List(Of CascadingDropDownNameValue)
            Dim reader As SqlDataReader = cmd.ExecuteReader
            While reader.Read
                values.Add(New CascadingDropDownNameValue(reader("title").ToString, reader("provinceid").ToString))
            End While
        Catch ex As Exception

        End Try
        Return values.ToArray
    End Function

End Class

End Namespace


Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.

Method 1

The request to the service is failing because of browser same origin policy. Your local server is at http://localhost while you are trying to access a resource at http://www.test.com/. These are both at different domains. So it won’t work.

The solution to this problem is to use the Access-Control-Allow-Origin and Access-Control-Allow-Methods, part of the CORS spec. You’ve included these in the response headers but that won’t do any good because the browser will be making a pre-flight request with OPTIONS verb to verify if the call is allowed. Since your service is not able to handle the OPTIONS verb you are seeing a 405 (Method Not Allowed) error.

So, if you’d want your service to be accessible from a different domain then you’ll have to modify your WCF service to support CORS. I would recommend this link: http://blogs.microsoft.co.il/blogs/idof/archive/2011/07/02/cross-origin-resource-sharing-cors-and-wcf.aspx. By using this you can make your service support CORS with no change in your existing code.

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

0 0 votes
Article Rating
Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x