Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

CORS with WebAPI for XmlHttpRequest

Tags:

xmlhttprequest

cors

asp.net-web-api

Just wanted to know what is the best elegant way (currently available) to handle CORS (Cross-Origin Resource Sharing) in ASP.NET WebAPI so i can use XmlHttpRequest over multiple domains ? How i can integrate this in the headers of every type of request (GEt, POST, etc..) with OPTIONS too ?

Thanks!

like image 998
Rushino Avatar asked Oct 04 '12 17:10

Rushino

People also ask

Does XMLHttpRequest support CORS?

The Cross-Origin Resource Sharing (CORS) specification consists of a simple header exchange between client-and-server, and is used by IE8's proprietary XDomainRequest object as well as by XMLHttpRequest in browsers such as Firefox 3.5 and Safari 4 to make cross-site requests.

Should I enable CORS on my API?

So if you have an API that is designed to be only used by XHR, you can (and should) require the request to conform with CORS. Especially if the requests can also modify state on your server as otherwise you would be vulnerable to CSRF.

What is CORS in Web API with example?

CORS is a W3C standard that allows you to get away from the same origin policy adopted by the browsers to restrict access from one domain to resources belonging to another domain. You can enable CORS for your Web API using the respective Web API package (depending on the version of Web API in use) or OWIN middleware.

Video Answer

2 Answers

Tpeczek have a nice found, however while doing my own research ive found something similar and also very elegant ways of handling CORS which enable you to configure your CORS in a config file in App_Start folder. Its all handled using an open source library called Thinkecture. See details here :

http://brockallen.com/2012/06/28/cors-support-in-webapi-mvc-and-iis-with-thinktecture-identitymodel/

It have many advantages.. you can configure origins, methods (GET, POST, etc.), access to specifics controllers and actions and it also keep your controllers clean from any attributes.

WebAPI, IIS and ASP.NET MVC is supported !

like image 50
Rushino Avatar answered Oct 09 '22 14:10

Rushino

Carlos Figueira has a nice series of posts about CORS and ASP.NET Web API:

  • Implementing CORS support in ASP.NET Web APIs
  • Implementing CORS support in ASP.NET Web APIs – Take 2
  • CORS support in ASP.NET Web API – RC version

Personally I'm a big fan of Take 2 approach because EnableCors attribute can be easly extended to give you control over allowed origins.

like image 32
tpeczek Avatar answered Oct 09 '22 15:10

tpeczek
Sign in to Comment

Related questions

using XMLHttpRequest send file with data
XMLHttpRequest and http streaming
SCRIPT7002: XMLHttpRequest: Network Error 0x2ee7, Could not complete the operation due to error 00002ee7
How to receive php image data over copy-n-paste javascript with XMLHttpRequest
Angular js - $http cache time?
Getting status code 0 angular HttpClient?
The page freezing on XMLHttpRequest
python asynchronous httprequest
Why does an OPTIONS request fail when the answer to the follow up request is a 204?
JavaScript XMLHttpRequest.onreadystatechange
How to parse multipart/form-data on firebase cloud functions?
With respect to client side security, does CORS do anything other than subvert same-origin-policy?
What is the purpose of the XHR cross domain restrictions?
What are the security risks in using cross-domain XMLHttpRequest?
JavaScript innerHTML is not working for IE?
Get specific content off responseText
Javascript: Sending arrayBuffer using XMLHttpRequest
http requests in stenciljs
jQuery AJAX requests failing in IE8 with message 'Error: This method cannot be called until the open method has been called.'
How to get pure XMLHTTPRequest object in jQuery 1.5?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!