Menu
I have written a WebAPI controller that I'm using CORS to request data as a GET with a cross domain AJAX call. In my local environment, over HTTP, everything works as expected. When I promote the code to our pre-production environment, which is over HTTPS, the OPTIONS request fails with the following: No 'Access-Control-Allow-Origin' header is present on the requested resource
In doing research, I've found that in the event of an error during the request, the Access-Control-Allow-Origin error will be shown. Regardless of what the error was. This is do to security, so I can't find what the actual error is.
As I said before, everything works across HTTP perfectly but fails across HTTPS. I've set up logging on the WebAPI controller and the OPTIONS method is not even getting hit when requested over HTTPS from cross domain.
Below is an OPTIONS method in my WebAPI controller:
[AcceptVerbs("OPTIONS")]
public HttpResponseMessage Options()
{
var resp = new HttpResponseMessage(HttpStatusCode.OK);
resp.Headers.Add("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Accept");
resp.Headers.Add("Access-Control-Allow-Origin", ConfigurationManager.AppSettings["MSOContent"]);
resp.Headers.Add("Access-Control-Allow-Credentials", "true");
return resp;
}
There must be something in the HTTPS protocol that is killing the request in some form. Any help would be greatly appreciated.
700
asked Mar 29 '26 22:03
If it's working over HTTP then it's quite likely that the problem is that your browser is dealing with an SSL certificate that is untrusted and has not been accepted. The console error message for this problem looks exactly the same as an 'Origin' CORS error.
Browse to https://youdomain and see if the following pops up:
If so, add the exception, and now your browser will happily make calls to that domain using your now trusted certificates.
82
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
