internet explorer - Request header was not present in the Access-Control-Allow-Headers list -


in api, have following code:

public class customoauthprovider : oauthauthorizationserverprovider {      public override task matchendpoint(oauthmatchendpointcontext context)     {         if (context.owincontext.request.method == "options" && context.istokenendpoint)         {             context.owincontext.response.headers.add("access-control-allow-methods", new[] { "post" });             context.owincontext.response.headers.add("access-control-allow-headers",                  new[] {                      "access-control-allow-origin",                      "accept",                      "x-api-applicationid",                      "content-type",                      "authorization"                  });             context.owincontext.response.headers.add("access-control-allow-origin", new[] { "*" });             context.owincontext.response.statuscode = (int)httpstatuscode.ok;              context.requestcompleted();              return task.fromresult<object>(null);         }          return base.matchendpoint(context);     }      // ... more code, not relevant  } 

when connect api chrome, works perfect. when connect same computer same api, different browser, internet explorer 11, following error:

sec7123: request header x-api-applicationid not present in access-control-allow-headers list.

i debugged code, , see headers added response. ie shows headers:

ie11 response

what ie expect?

update

if change order of headers

new[] {      "access-control-allow-origin",      "accept",      "x-api-applicationid",      "content-type",      "authorization"  } 

to:

new[] {      "content-type",     "accept",     "access-control-allow-origin",     "x-api-applicationid",      "authorization"  } 

the error message changes to:

sec7123: request header access-control-allow-origin not present in access-control-allow-headers list.

so gives error on third header.

make sure it's not simple misspelling of content-type header in ajax. getting options preflight application/x-www-form-urlencoded content-type, doesn't necessitate preflight, had

content-type: application/x-www-form-urlencoded

instead of

application/x-www-form-urlencoded

as contenttype option.

wrong:

$.ajax({     url: 'http://www.example.com/api/account/token',     contenttype: 'content-type: application/x-www-form-urlencoded',     method: 'post',     data: {         grant_type: "password",         username: $('#username').val(),         password: $('#password').val()     }, }); 

right:

$.ajax({     url: 'http://www.example.com/api/account/token',     contenttype: 'application/x-www-form-urlencoded',     method: 'post',     data: {         grant_type: "password",         username: $('#username').val(),         password: $('#password').val()     }, }); 

Comments

Popular posts from this blog

matlab - "Contour not rendered for non-finite ZData" -

delphi - Indy UDP Read Contents of Adata -

javascript - Any ideas when Firefox is likely to implement lengthAdjust and textLength? -