CORS not working with route

Based upon the word "preflight" in your message, this is an OPTIONS verb issue. If you examine the requests and responses, I believe you'll see that the request directly before your POST is an OPTIONS request. The OPTIONS request is asking the server what methods are allowed to be called. If you haven't enabled an OPTIONS response, or your OPTIONS response doesn't include the POST method for that Uri, you'll get this response.

Here's a link describing the concept (see section Preflight CORS Requests) https://msdn.microsoft.com/en-us/magazine/dn532203.aspx

To account for this bypassing everything OPTIONS is designed to do, you can add code similar to this (don't be a cargo-cult programmer) to a new or existing module's BeginRequest method:

if (context.Request.HttpMethod.ToLower() == "options"){   var origin = context.Request.Headers["origin"];   context.Response.StatusCode = 200;   context.Response.AddHeader("Access-Control-Allow-Origin", origin);   context.Response.AddHeader("Access-Control-Allow-Credentials", "true");   context.Response.AddHeader("Access-Control-Allow-Methods", "POST, GET, PUT, DELETE, OPTIONS");   context.Response.End();}

Ideally, though, you would want to programmatically determine whether the request is a valid, and if so, then output a response customized for what is actually allowed.

if you are using web api just create one class at root level name it Startup.cs If you can try adding following code in your startup and see if that works. This code will inject cors middelware in ur application pipeline. You probably need to add owin via nuget. Give it a try

[assembly: OwinStartup(typeof(MyProject.API.Startup))]namespace MyProject.API{    public class Startup    {        public void Configuration(IAppBuilder app)        {            app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);            app.UseWebApi(WebApiConfig.Register());        }     }}

Your Web API response is clearly a 405, which indicates that you are calling an URI that does not support your HTTP Method (in this case POST).

Starting from this you need to understand why your URI does not support POST. The most probable answer is that you are calling the wrong URI. The fact that you are getting a CORS error is not the root of your problem and derives from the fact that the wrong URI you are calling does not set any Access-Control-Allow-Origin header.

Looking at your controller method:

[EnableCors(origins: "*", headers: "*", methods: "*", SupportsCredentials = true)][Route("{id:int}/clave")][HttpPost]public HttpResponseMessage Post(int id, [FromBody]CambioClaveParameters parametros)

It appears to me that you are using a Route attribute, but not setting a RoutePrefix attribute in your controller class.

This means that the correct URI for your method is the following one:

http://localhost:xxxx/1/clave

And not, as you might think, that one:

http://localhost:xxxx/api/Clave/1/clave

If you want to access your resource using the second URI you need to put a new RoutePrefix attribute in your Controller:

[RoutePrefix("api/Clave")]public class ClaveController : ApiController {    //..}