To allow a cross-domain request, we need to configure our server to identify itself as CORS compatible.
This is done through response headers.
Before a browser executes such a request, it makes a 'preflight request'. This is an HTTP request performed automatically by the browser using the OPTIONS verb.
The response to this request needs to include access control headers to allow the browser to execute the request initially submitted by the client.
Here is a sample of a failed attempt.
Here is what a successful exchange of headers should look like:

Request Headers:
    Origin: http://yourdomain.com
    Access-Control-Request-Method: POST
    Access-Control-Request-Headers: X-Custom-Header

Response Headers:
    Access-Control-Allow-Origin: http://yourdomain.com
    Access-Control-Allow-Methods: GET, POST
    Access-Control-Allow-Headers: X-Custom-Header
To service the preflight request, we need to set the handler binding in the web.config file to handle the OPTIONS verb request.
Here is a very permissive OPTIONS handler. This configuration allows requests from any site.
Service Headers

    using System.Web;

    /// <summary>
    /// Options Handler to accept CORS requests
    /// </summary>
    public class OptionsHandler : IHttpHandler
    {
        public void ProcessRequest(HttpContext context)
        {
            // Project-specific initialisation; the Policies class is not shown on this page.
            Policies.HandleInit(this);

            var web_op_context = context.Response;
            web_op_context.StatusDescription = "OK";
            web_op_context.StatusCode = 200;

            // Methods the browser is told it may use cross-domain.
            web_op_context.Headers.Add("Access-Control-Allow-Methods", "OPTIONS, POST, GET, PUT, DELETE");

            // Request headers the browser may send, and response headers scripts may read.
            string headers = "";
            headers += "Content-Type, ";
            headers += "X-Requested-With, ";
            headers += "Accept";
            web_op_context.Headers.Add("Access-Control-Allow-Headers", headers);
            web_op_context.Headers.Add("Access-Control-Expose-Headers", headers);

            web_op_context.Headers.Add("Accept", "*/*");
            web_op_context.Headers.Add("Accept-Language", "en-US, en");
            web_op_context.Headers.Add("Accept-Charset", "ISO-8859-1, utf-8");
            web_op_context.Headers.Add("Connection", "keep-alive");

            // "*" is what makes this handler permissive: any origin passes the preflight.
            web_op_context.Headers.Add("Access-Control-Allow-Origin", "*");

            // Do not advertise the server software.
            web_op_context.Headers.Remove("Server");
            web_op_context.Headers.Remove("X-Powered-By");
        }

        public bool IsReusable
        {
            get { return false; }
        }
    }
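
A stricter variant of the handler above, as an added example that is not code from the original page: it answers the preflight only when the origin, method and requested headers are on an allow-list, and echoes the matching origin instead of "*". The class name, the allow-list contents and the 403 response for rejected preflights are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

/// <summary>Added example: preflight handler restricted to an allow-list.</summary>
public class AllowListOptionsHandler : IHttpHandler
{
    // Assumed values; replace with the sites, verbs and headers your service really needs.
    private static readonly HashSet<string> AllowedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "http://yourdomain.com" };
    private static readonly HashSet<string> AllowedMethods =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "GET", "POST" };
    private static readonly HashSet<string> AllowedHeaders =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "Content-Type", "X-Custom-Header" };

    public void ProcessRequest(HttpContext context)
    {
        var request = context.Request;
        var response = context.Response;

        // The answer depends on the Origin header, so caches must key on it.
        response.AppendHeader("Vary", "Origin");

        string origin = request.Headers["Origin"];
        string method = request.Headers["Access-Control-Request-Method"];
        string[] requested = (request.Headers["Access-Control-Request-Headers"] ?? "")
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(h => h.Trim()).ToArray();

        bool allowed = origin != null && AllowedOrigins.Contains(origin)
            && method != null && AllowedMethods.Contains(method)
            && requested.All(h => AllowedHeaders.Contains(h));

        if (!allowed)
        {
            // No Access-Control-* headers are sent, so the browser blocks the request.
            response.StatusCode = 403;
            return;
        }

        response.StatusCode = 200;
        response.AppendHeader("Access-Control-Allow-Origin", origin); // exact origin, never "*"
        response.AppendHeader("Access-Control-Allow-Methods", string.Join(", ", AllowedMethods));
        response.AppendHeader("Access-Control-Allow-Headers", string.Join(", ", AllowedHeaders));
    }

    public bool IsReusable { get { return true; } }
}
```

The response to the actual GET or POST must carry the same Access-Control-Allow-Origin value, or the browser discards the result even though the preflight passed.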