Is it necessary to enable Cross-Origin Requests for ASP.NET Web API?

Asked

Viewed 62 times

0

I made a test application, where I point to a web api that’s online, the address of this api works and return the data if it’s posted to the browser URL, it does a GET. In the test application I have:

<Div>
    <Select id="method">
        <Option value="get"> GET </option>
        <Option value="post"> POST </option>
        <Option value="put"> PUT </option>
    </Select>
         
    <Input type="button" value="Experimente" onclick="sendRequest()" />
    <Span id='value1'>(Resultado)</span>
 
</Div>
 

@section scripts {
    <script>
    // TODO: Replace with the URL of your WebService app
        var serviceUrl = ‘enderecoapi';
 
    function sendRequest() {
        var method = $('#method').val();
 
        $.ajax({
            type: method,
            url: serviceUrl
        }).done(function (data) {
            $('#value1').text(data);
        }).error(function (jqXHR, textStatus, errorThrown) {
            $('#value1').text(jqXHR.responseText || textStatus);
        });
    }
    </script>
}

You’re not returning the data to me, I inspected the data and did not return error, only "XHR finished loading: GET"

javascript jquery asp.net asp.net-web-api

  • I am not an expert on ASP.net @itasouza, but rather, the server (who serves) has to allow an action to be taken. The difference of running GET by Browser and not by Ajax is that Ajax does an Xmlhttprequest and this information goes in the request header. Therefore, the only elegant and correct way is the ASP application to allow Cross-Origin.

  • 1

    @Lucascosta, I’ll look it up

1 answer

1

Hello, If the API is in another domain, other than the one of the application , you will need to enable cross origin(CORS) in the API.

For example: If the application is in:domain with., And the api in domain.com/api you won’t need cross origin

Now if the app is on:meudominio.with, And the api in othodominium.with, you need to enable cross origin.

I don’t know . net, but I imagine this link will do:

https://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api

More specifically this part:

using System.Web.Http;
namespace WebService
{
    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // New code
            config.EnableCors();

            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
        }
    }
}

and that:

using System.Net.Http; using System.Web.Http; using System.Web.Http.Cors;

namespace WebService.Controllers
{
    [EnableCors(origins: "http://mywebclient.azurewebsites.net", headers: "*", methods: "*")]
    public class TestController : ApiController
    {
        // Controller methods not shown...
    }
}

In the Origins parameter you should put the address of the application you want to call the api. For testing you can put "*", but do not send for production

Hug!

Browser other questions tagged javascript jquery asp.net asp.net-web-api

You are not signed in. Login or sign up in order to post.