CORS settings are ignored, Access-Control-Allow- * headers are not written
After Access-Control-Allow-Origin
running into a known issue while testing ServiceStack, I did a bunch of reading on CORS to better understand the issue. I also came across this very helpful SO question .
However, the solutions didn't work for me. I tried to enable the plugin CorsFeature
and also tweak the endpoint configuration manually, but after two tries I saw that the response headers coming back from the server did not include any of my headers Access-Control-Allow-*
, so the problem persisted.
I tried another solution that ended up working for me (via some other problems that are not relevant here). I added the following to my web.config service:
<system.webServer>
[...snip...]
<httpProtocol>
<customHeaders>
<clear />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
<add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
</customHeaders>
</httpProtocol>
</system.webServer>
My question is , why was I able to get my headers written using this web.config method, but not using the built-in CORS ServiceStack support? Is there a config setting that I'm missing somewhere?
source to share
I looked through more @mythz SO answers and came across this one . For reasons I don't fully understand (yet), adding queries to this filter (as well as the CorsFeature plugin) allows everything to function as expected. I am not getting an error in my preflight OPTIONS request or any source code errors in my GET and POST.
So, in short, my final solution was to copy the code from mythz's answer in this post to mine AppHost.Configure()
and remove the custom web.config headers . (Before I removed my own headers from my web.config, I was actually getting my headers in half!)
source to share