Get Help:Ask a Question in our Forums|Report a Bug|More Help Resources
Last post Feb 06, 2013 12:15 PM by BrockAllen
Feb 04, 2013 08:39 PM|LINK
I'm still confused. Do you think that I should only enable cors on WebAPI?
Web Api was hosting on Test2. I enabled Test2 to accept CORS from Test1.
Test1 is an mvc website. It is origin for test2. When I debugged to run the code of mvc site on Test1, It does not pass to test2. It's showing "This page is accessing information that is not under its control. This poses a security risk. Do you want to
continue?" Is it showing that I should enable cors on mvc site also. I did it, but still could not make it work.
Also I using fiddler to trace the request, but I did not find any Access-Control-Request... inside header. Where I did incorrect? I followed the article and code sample to code my Web API and mvc site.
Feb 05, 2013 12:19 PM|LINK
You only need to enable CORS in the app/site that is receiving the Ajax requests. You then configure it via CORS to accept calls from the other origin. You will get OPTIONS requests for PUT and DELETE or any request that sends application/json or is marked
with enable credentials.
Once you have the OPTIONS request then you need to find out why/where in IIS it's getting handled. If it's not the CORS library then it's something earlier in IIS like WebDAV or the OPTIONS http handler and you need to disable those.
Feb 05, 2013 03:33 PM|LINK
Thank you very much! Finally I got it work for me. However, It's could not work for IE9. Is there any solution for it?
Feb 05, 2013 04:28 PM|LINK
IE8 and IE9 are only partially supported:
Feb 06, 2013 09:07 AM|LINK
Hi Brock, What's it mean "Partially Supported". Is there a way to work around it?
Feb 06, 2013 12:15 PM|LINK
You can do CORS if you use te XDomainRequest object instead of the XmlHttpRequest. Same API -- just XDR knows how to do CORS.