Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

owin cors or web api cors

Tags:

there are 100s of question on CORS on web-api, and on how to enable CORS, there is a different answer each one provides. I am so confused and dont know which answer is correct. And the problem is none of the answers actually explains it point wise, what each line of code does, so that I can understand and solve my problem rather than copy-pasting the code.

anyways, the question is: I am using asp.net web api 2 using owin. And i need to enable CORS. how do I do it? There is cors settings for OWIN

  application.UseCors(CorsOptions.AllowAll);

and there is cors settings for asp.net web api

   var cors = new EnableCorsAttribute("*", "*", "*", "*");    config.EnableCors(cors);

which one should I use given I am not using OAUTH (I am specifying this because answers on SO differ on when we use OAUTH v/s when we dont use it).

Do i need to enable CORS for both OWIN & WEB-API or only for one of them. There is issue if both are enabled, read here

It would be really helpful if someone can explain me the difference between

  1. OWIN CORS
  2. WEB API CORS
  3. CORS with OAUTH using OWIN/WEBAPI

Also there are answers for self-hosted web api against owin hosted web-api, which further adds to the confution :(, sorry for the rant

like image 957
harishr Avatar asked Dec 05 '14 05:12

harishr

People also ask

What is Microsoft Owin CORS?

UseCors(Microsoft. Owin. Cors. CorsOptions. AllowAll); is used to enable CORS for the API itself (Any controller inheriting from ApiController ).

What is Web API CORS?

Cross-origin resource sharing (CORS) is a browser security feature that restricts cross-origin HTTP requests that are initiated from scripts running in the browser. If your REST API's resources receive non-simple cross-origin HTTP requests, you need to enable CORS support.

1 Answers

You are supposed to use Web API's CORS if you need CORS applied to your API Controllers. For everything else (like a token service) you're stuck with having to use Owin.Cors.

If you end up using both, you'll need to make sure they don't overlap and apply CORS twice to the same request.

Web API 2.2 makes it easy to enable CORS by providing the EnableCorsAttribute.

Basic Usage

[EnableCors("*", "*", "*")] public class ResourcesController : ApiController {     ...

Attribute definition

[AttributeUsageAttribute(AttributeTargets.Class|AttributeTargets.Method, AllowMultiple = false)] public EnableCorsAttribute(     string origins,     string headers,     string methods )

To enable CORS globally use

public static class WebApiConfig {     public static void Register(HttpConfiguration config)     {         var cors = new EnableCorsAttribute("www.example.com", "*", "*");         config.EnableCors(cors);         // ...     } }

You will also need to install the CORS package from nuget

Install-Package Microsoft.AspNet.WebApi.Cors
like image 169
Mihai Dinculescu Avatar answered Oct 19 '22 15:10

Mihai Dinculescu
Sign in to Comment

Related questions

how to pass custom parameters to a locust test class?
Microservices authentication
How do I restrict access to a static s3 website to a VPN
How to enable or fake mini variant from Material Design guide for android.support.v4.widget.DrawerLayout?
Redis pagination strategy for infinite scrolling page
datagrip Cannot apply changes This table is read only. Cell editor changes cannot be applied
Convert a static library target into a framework target in an Xcode project
Array.Initialize - Why does this method exist?
Images not loading in Fresco
Make text "more" selectable
Gradle - add directory to classpath
Objective reasons for using spaces instead of tabs for indentation?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!