JQuery Ajax POST to Web API returning 405 Method Not Allowed

jquery ajax cors asp.net-web-api

21,200

First of all, you're adding only one header, but there is at least three of them you needed:

"Access-Control-Allow-Origin", "*"

"Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"

"Access-Control-Allow-Headers", "Content-Type, Accept"

Secondly, in case if you need CORS only for one method in certain controller, the way you're adding headers is ok. But in common it's not right.

ASP.NET 5 with Web API 2 offers CORS library.

But if you're using Web API, I can offer solution (not truly proper, but working). Just add (in Global.asax) to every request required headers

protected void Application_BeginRequest(object sender, EventArgs e)
{
    HttpContext.Current.Response.AddHeader("Access-Control-Allow-Origin", "*");
    if (HttpContext.Current.Request.HttpMethod == "OPTIONS")
    {
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        HttpContext.Current.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, Accept");
        HttpContext.Current.Response.AddHeader("Access-Control-Max-Age", "1728000");
        HttpContext.Current.Response.End();
    }

}

21,200

Author by

Ben Power

Developer in Test, specialist in retrofitting test automation. CI, CD, DevOps, Performance testing, anything involving looking at a lots of code and dealing with complex technical problems.

Updated on July 11, 2020

Comments

Ben Power almost 4 years
So I have a jquery ajax request like this:
```
    function createLokiAccount(someurl) {
    var d = {"Jurisdiction":17}

        $.ajax({
                type: "POST",
                url:"http://myserver:111/Api/V1/Customers/CreateCustomer/",
                data: JSON.stringify(d),
                contentType: "application/json; charset=utf-8",
                dataType: "json",
                success: function(data){alert(data);},
                failure: function(errMsg) {
                    alert(errMsg);
                }
            });
    }
```
This is hitting my web api which is basically:
```
    [HttpPost]
    public CreateCustomer.Response CreateCustomer(CreateCustomer.Request request)
    {
        HttpContext.Current.Response.AppendHeader("Access-Control-Allow-Origin", "*");
    ...
```
Which when I call it in Chrome gives me:
```
OPTIONS http://myserver:111/Api/V1/Customers/CreateCustomer/ 405 (Method Not Allowed) 
No 'Access-Control-Allow-Origin' header is present on the requested resource.      
```
When I do the POST request from Fiddler it includes "Access-Control-Allow-Origin: *" in the response header as it should, which would suggest the API is configured correctly, yet the (from Fiddler) the jquery request looks like:

OPTIONS http://myserver:111/Api/V1/Customers/CreateCustomer/ HTTP/1.1 Host: myserver:111 Connection: keep-alive Access-Control-Request-Method: POST Origin: http://localhost:6500 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 Access-Control-Request-Headers: accept, content-type Accept: / Referer: http://localhost:6500/Home/Replication?interval=1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,en-GB;q=0.6,it-IT;q=0.4,it;q=0.2

So why is my POST request getting turned into an OPTIONS request?