Getting CORS To Work With Nancy
I don't think you need to specify OPTIONS as an allowed CORS method. I've never seen that set, and I've never set it myself. Browsers don't complain.
Otherside I have a similar setup as you in my :
public abstract class MyModule : NancyModule protected MyModule(bool hasRazorView = true) After.AddItemToEndOfPipeline((ctx) => ctx.Response .WithHeader("Access-Control-Allow-Origin", "*") .WithHeader("Access-Control-Allow-Methods", "POST,GET") .WithHeader("Access-Control-Allow-Headers", "Accept, Origin, Content-type")); . . . . }}
In my case, the CORS get sent on my GET and POST, but not the OPTIONS. I overrode the default OPTIONS handling with Options["/"] = route => new Response()
. That let the rest of the pipeline fire.
I find it nicer to handle CORS headers in IIS rewriter rules this is sample rewrite webconfig section which does that:
<rewrite> <outboundRules> <rule name="Set Access Control Allow Origin Header" preCondition="Origin header"> <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern="(.*)" /> <action type="Rewrite" value="{HTTP_ORIGIN}" /> </rule> <rule name="Set Access Control Allow Headers Header" preCondition="Origin header"> <match serverVariable="RESPONSE_Access-Control-Allow-Headers" pattern="(.*)" /> <action type="Rewrite" value="Content-Type" /> </rule> <rule name="Set Access Control Allow Methods Header" preCondition="Origin header"> <match serverVariable="RESPONSE_Access-Control-Allow-Method" pattern="(.*)" /> <action type="Rewrite" value="POST,GET,OPTIONS" /> </rule> <rule name="Set Access Control Allow Credentials Header" preCondition="Origin header"> <match serverVariable="RESPONSE_Access-Control-Allow-Credentials" pattern="(.*)" /> <action type="Rewrite" value="true" /> </rule> <preConditions> <preCondition name="Origin header" logicalGrouping="MatchAny"> <add input="{HTTP_ORIGIN}" pattern="(http://localhost$)" /> <add input="{HTTP_ORIGIN}" pattern="(http://.*\.YOURDOMAIN\.com$)" /> </preCondition> </preConditions> </outboundRules></rewrite>
Remember to install IIS rewrite module: http://www.iis.net/downloads/microsoft/url-rewrite
On .NET Core, I was able to pass through CORS using the code below in the Configure method:
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public virtual void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddConsole(Configuration.GetSection("Logging")); loggerFactory.AddDebug(); // Shows UseCors with CorsPolicyBuilder. app.UseCors(builder => builder.WithOrigins(new[] { "http://localhost:4200" }).AllowAnyHeader() .AllowAnyMethod() .AllowCredentials() ); app.UseOwin(a => a.UseNancy(b => b.Bootstrapper = new NancyBootstrap(this.Container))); }