405 Method Not Allowed on WebAPI2 (OWIN)

I had similar issue recently. I added controller handler for the pre-flight OPTIONS request and it solved the problem.

[AllowAnonymous][Route("Register")][AcceptVerbs("OPTIONS")]public async Task<IHttpActionResult> Register(){    return Ok();}

You might need to allow cors in your application for response headers. Below is sample for what I do in node.

res.header('Access-Control-Allow-Origin', '*');res.header("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS"); res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');

This could help you. Thanks.

The problem is not with the angular. Though you get a response in Postman, its not problem in angular that request is not giving you the response. Problem is by default Postman does not post the Origin attribute, which is needed to test CORS. Chrome does block the Origin attribute by default, hence the request is not treated as if its coming from a different domain.

So how to test CORS in Postman

you would need a different chrome extension with same name POSTMAN - Rest Client (Packaged App), and use its 'Request Interceptor toggle switch' to enable it to send the ORIGIN attribute.

read here, section restricted header

below is the sample screen shot when you dont send the ORIGIN attributes

and the same request;s response in POSTMAN when you send the ORIGIN attribute

so if you see, when you add origin, that only when you get the ACCESS-CONTROL-* attributes in response.

I hope this also answer your query about

BitOfTech sample site, is sending the same request headers, but is able to get the Access-Control-Allow-XXX headers"

Web Api Part

Coming back to your case, you do not have CORS enabled in web-api. First enable CORS in web-api. To enable CORS globally use

public static class WebApiConfig{    public static void Register(HttpConfiguration config)    {        var cors = new EnableCorsAttribute("www.example.com", "*", "*");        config.EnableCors(cors);        // ...    }}

-- you can find lot of resources around net on how to add it on controller level etc.

Angular Part

you first need to make sure that the CORS is working in POSTMAN and then try to access that url in angular.

to enable cors in angular you need below code in your app.config() function.

myApp.config(function($httpProvider) {  $httpProvider.defaults.useXDomain = true;  delete $httpProvider.defaults.headers.common['X-Requested-With'];});

Note : For the Experts

Origin attributes is needed to test CORS. I am not very sure on this part, but seems like the case as per the response I see in Postman. It would be great if anyone can shed light on the role Origin attribute in Cors.