I'm most definitely hitting this issue with attribute routing. The issue was fixed recently so it's not in v5.0.0-rc1. But still, you can try out the nightly builds which will most certainly have the fix.

Or until fixed you can try this hack in Global.asax.cs:

protected void Application_BeginRequest(object sender, EventArgs e) { if (Context.Request.Path.Contains("api/") && Context.Request.HttpMethod == "OPTIONS") { Context.Response.AddHeader("Access-Control-Allow-Origin", "*"); Context.Response.AddHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept"); Context.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST PUT, DELETE, OPTIONS"); Context.Response.End(); } } 

I'm most definitely hitting this issue with attribute routing. The issue was fixed as of 5.0.0-rtm-130905. But still, you can try out the nightly builds which will most certainly have the fix.

To add nightlies to your NuGet package source, go to Tools -> Library Package Manager -> Package Manager Settings and add the following URL under Package Sources: http://myget.org/F/aspnetwebstacknightly