OPTIONS 405 (Method Not Allowed) regardless server sends Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST

Question

I'm trying to make cross-domain request and my server is configured to send the following headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:x-requested-with, Authorization
Access-Control-Allow-Methods:OPTIONS, GET, HEAD, POST
Access-Control-Allow-Origin:*

But when an OPTION request is made, I get OPTIONS 405 (Method Not Allowed) error.

Any Ideas what is the problem and how to fix it?

Answer 1

I would suggest 2 solutions:

1) If you are using WebAPI you need to implement the option method that by convention should look like:

public class XXXController : ApiController
{
    // OPTION http-verb handler
    public string OptionsXXX()
    {
        return null; // HTTP 200 response with empty body
    }

    ...
}

2) If you are not using WebAPI try to understand which part of your code triggers the OPTIONS 405 (Method Not Allowed) error for the OPTION call. In that case I would check if trying to add to the Web.config file these <customHeaders/> that works:

<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- CORS temporary solution -->
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="Content-Type, Authorization, Accept, X-Requested-With" />
        <add name="Access-Control-Allow-Methods" value="OPTIONS, TRACE, GET, HEAD, POST, PUT" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>