internet explorer - Request header was not present in the Access-Control-Allow-Headers list -
in api, have following code:
public class customoauthprovider : oauthauthorizationserverprovider { public override task matchendpoint(oauthmatchendpointcontext context) { if (context.owincontext.request.method == "options" && context.istokenendpoint) { context.owincontext.response.headers.add("access-control-allow-methods", new[] { "post" }); context.owincontext.response.headers.add("access-control-allow-headers", new[] { "access-control-allow-origin", "accept", "x-api-applicationid", "content-type", "authorization" }); context.owincontext.response.headers.add("access-control-allow-origin", new[] { "*" }); context.owincontext.response.statuscode = (int)httpstatuscode.ok; context.requestcompleted(); return task.fromresult<object>(null); } return base.matchendpoint(context); } // ... more code, not relevant }
when connect api chrome, works perfect. when connect same computer same api, different browser, internet explorer 11, following error:
sec7123: request header x-api-applicationid not present in access-control-allow-headers list.
i debugged code, , see headers added response. ie shows headers:
what ie expect?
update
if change order of headers
new[] { "access-control-allow-origin", "accept", "x-api-applicationid", "content-type", "authorization" }
to:
new[] { "content-type", "accept", "access-control-allow-origin", "x-api-applicationid", "authorization" }
the error message changes to:
sec7123: request header access-control-allow-origin not present in access-control-allow-headers list.
so gives error on third header.
make sure it's not simple misspelling of content-type header in ajax. getting options preflight application/x-www-form-urlencoded
content-type, doesn't necessitate preflight, had
content-type: application/x-www-form-urlencoded
instead of
application/x-www-form-urlencoded
as contenttype
option.
wrong:
$.ajax({ url: 'http://www.example.com/api/account/token', contenttype: 'content-type: application/x-www-form-urlencoded', method: 'post', data: { grant_type: "password", username: $('#username').val(), password: $('#password').val() }, });
right:
$.ajax({ url: 'http://www.example.com/api/account/token', contenttype: 'application/x-www-form-urlencoded', method: 'post', data: { grant_type: "password", username: $('#username').val(), password: $('#password').val() }, });
Comments
Post a Comment