405 Method Not Allowed on WebAPI2 (OWIN)
I had similar issue recently. I added controller handler for the pre-flight OPTIONS
request and it solved the problem.
[AllowAnonymous][Route("Register")][AcceptVerbs("OPTIONS")]public async Task<IHttpActionResult> Register(){ return Ok();}
You might need to allow cors in your application for response headers. Below is sample for what I do in node.
res.header('Access-Control-Allow-Origin', '*');res.header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS"); res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
This could help you. Thanks.
The problem is not with the angular. Though you get a response in Postman, its not problem in angular that request is not giving you the response. Problem is by default Postman does not post the Origin attribute
, which is needed to test CORS. Chrome does block the Origin attribute by default, hence the request is not treated as if its coming from a different domain.
So how to test CORS in Postman
you would need a different chrome extension with same name POSTMAN - Rest Client (Packaged App), and use its 'Request Interceptor toggle switch' to enable it to send the ORIGIN attribute.
read here, section restricted header
below is the sample screen shot when you dont send the ORIGIN attributes
and the same request;s response in POSTMAN when you send the ORIGIN attribute
so if you see, when you add origin, that only when you get the ACCESS-CONTROL-* attributes in response.
I hope this also answer your query about
BitOfTech sample site, is sending the same request headers, but is able to get the Access-Control-Allow-XXX headers"
Web Api Part
Coming back to your case, you do not have CORS enabled in web-api. First enable CORS in web-api. To enable CORS globally use
public static class WebApiConfig{ public static void Register(HttpConfiguration config) { var cors = new EnableCorsAttribute("www.example.com", "*", "*"); config.EnableCors(cors); // ... }}
-- you can find lot of resources around net on how to add it on controller level etc.
Angular Part
you first need to make sure that the CORS is working in POSTMAN and then try to access that url in angular.
to enable cors in angular you need below code in your app.config() function.
myApp.config(function($httpProvider) { $httpProvider.defaults.useXDomain = true; delete $httpProvider.defaults.headers.common['X-Requested-With'];});
Note : For the Experts
Origin attributes is needed to test CORS.
I am not very sure on this part, but seems like the case as per the response I see in Postman. It would be great if anyone can shed light on the role Origin attribute
in Cors.