0

I am bit new to webAPi and I want to implement CORS (Cross Origin Resource Sharing) on Web API. I am referring to this Microsoft link. They install a Nuget package using 

PM> Install-Package Microsoft.AspNet.Cors -Version 5.0.0-rc1 -Pre

However, I am using .NET Framework 4.0 and it is not working. Afterwards I used this Nuget command:

Install-Package Microsoft.AspNet.WebApi -Version 4.0.20710

But it does not contain the CORS class. So, do we have any other different way to implement CORS?

Improve this question

2 Answers 2

Reset to default
4

I use the following and works fine for me (thought not sure about the "4.0 client profile" bit) :

public class CorsHandler : DelegatingHandler { private const string Origin = "Origin"; private const string AccessControlRequestMethod = "Access-Control-Request-Method"; private const string AccessControlRequestHeaders = "Access-Control-Request-Headers"; private const string AccessControlAllowOrigin = "Access-Control-Allow-Origin"; private const string AccessControlAllowMethods = "Access-Control-Allow-Methods"; private const string AccessControlAllowHeaders = "Access-Control-Allow-Headers"; protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { bool isCorsRequest = request.Headers.Contains(Origin); bool isPreflightRequest = request.Method == HttpMethod.Options; if (isCorsRequest) { if (isPreflightRequest) { var response = new HttpResponseMessage(HttpStatusCode.OK); response.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First()); string accessControlRequestMethod = request.Headers.GetValues(AccessControlRequestMethod).FirstOrDefault(); if (accessControlRequestMethod != null) { response.Headers.Add(AccessControlAllowMethods, accessControlRequestMethod); } string requestedHeaders = string.Join(", ", request.Headers.GetValues(AccessControlRequestHeaders)); if (!string.IsNullOrEmpty(requestedHeaders)) { response.Headers.Add(AccessControlAllowHeaders, requestedHeaders); } var tcs = new TaskCompletionSource<HttpResponseMessage>(); tcs.SetResult(response); return tcs.Task; } return base.SendAsync(request, cancellationToken).ContinueWith(t => { HttpResponseMessage resp = t.Result; resp.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First()); return resp; }); } return base.SendAsync(request, cancellationToken); } }

Remember to register it in you app start (mine in global.asax)

GlobalConfiguration.Configuration.MessageHandlers.Add(new CorsHandler());
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I am facing the same problem as described by user3409920. While I am trying your solution, it's throwing StackOverFlow exception on statement return base.SendAsync(...) inside if(isCorsRequest). Do you have any idea about resolving that??
Hey there, try to use only one of these return statements above. As you can see the first one return the Headers together and the another one don't. Let me know your inputs. Cheers
0

The CORS package is supported in Web API 2 that needs .NET Framework 4.5 and visual studio/express 2014.

It is not available for Web API 1 (which you are using with .NET 4.0)

Refer this thread.

Improve this answer

1 Comment

It would be better if you include some important info from given thread here.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.