CORS with .NET debugger - XMLHttpRequest cannot load Origin X isnot allowed by Access-Control-Allow-

R

Richard Maher

Hi,

Can someone please help me with this error: -
In Load labstats.html:77
GET http://1.2.3.4:2753/LoadCustomerAndDisplay/LibraryJson 400 (Bad
Request) labstats.html:112

XMLHttpRequest cannot load
http://1.2.3.4:2753/LoadCustomerAndDisplay/LibraryJson. Origin
http://1.2.3.4 is not allowed by Access-Control-Allow-Origin.
labstats.html:112

Uncaught NetworkError: A network error occurred. labstats.html:112

------------------------------------------------------------------------

I'm guessing this is a server-side issue only but in case there are any
request headers that need to be tweaked in the JS Ajax call I have
posted to c.l.js and attached the web-page et al at the bottom.

I am launching a debugging session of my C# class library that contains
an MVC controller that will proxy/redirect a query behind the firewall
to a URL that is not visible to the outside world.

This is just (hopefully) Mickey-Mouse debugging while I play with
geolocation. I want to wander around with my phone and hook-up to my
PC's VisualStudio debug server. Can I do it?

I've seen that only localhost/127.0.0.1 is the only thing that can
connect to an IIS debug server but I read about setting IIS Express : -

http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx

But still no joy :-(

Here's the method on my MVC Controller that is AJAXed cross-site from
the browser: -

public String LibraryJson()

{

Response.AppendHeader("Access-Control-Allow-Origin", "*");



HttpWebRequest request =
(HttpWebRequest)WebRequest.Create("http://not.publicly.available/Availability/LibraryJson");

try

{

WebResponse response = request.GetResponse();

using (Stream responseStream =
response.GetResponseStream())

{

StreamReader reader = new
StreamReader(responseStream, Encoding.UTF8);

return reader.ReadToEnd();

}

}

catch (WebException ex)

{

WebResponse errorResponse = ex.Response;

using (Stream responseStream =
errorResponse.GetResponseStream())

{

StreamReader reader = new
StreamReader(responseStream, Encoding.GetEncoding("utf-8"));

String errorText = reader.ReadToEnd();

// log errorText

}

throw;

}

}

The Web.Config

<httpProtocol>

<customHeaders>

<add name="Access-Control-Allow-Origin" value="*" />

<add name="Access-Control-Allow-Headers" value="Content-Type" />

<add name="Access-Control-Allow-Methods" value="GET, POST, PUT,
DELETE, OPTIONS" />

</customHeaders>

</httpProtocol>
 
B

bradbury9

El jueves, 22 de agosto de 2013 14:57:26 UTC+2, Richard Maher escribió:
Hi,



Can someone please help me with this error: -

In Load labstats.html:77

GET http://1.2.3.4:2753/LoadCustomerAndDisplay/LibraryJson 400 (Bad

Request) labstats.html:112



XMLHttpRequest cannot load

http://1.2.3.4:2753/LoadCustomerAndDisplay/LibraryJson. Origin

http://1.2.3.4 is not allowed by Access-Control-Allow-Origin.

labstats.html:112



Uncaught NetworkError: A network error occurred. labstats.html:112



------------------------------------------------------------------------



I'm guessing this is a server-side issue only but in case there are any

request headers that need to be tweaked in the JS Ajax call I have

posted to c.l.js and attached the web-page et al at the bottom.



I am launching a debugging session of my C# class library that contains

an MVC controller that will proxy/redirect a query behind the firewall

to a URL that is not visible to the outside world.



This is just (hopefully) Mickey-Mouse debugging while I play with

geolocation. I want to wander around with my phone and hook-up to my

PC's VisualStudio debug server. Can I do it?



I've seen that only localhost/127.0.0.1 is the only thing that can

connect to an IIS debug server but I read about setting IIS Express : -



http://www.hanselman.com/blog/WorkingWithSSLAtDevelopmentTimeIsEasierWithIISExpress.aspx



But still no joy :-(



Here's the method on my MVC Controller that is AJAXed cross-site from

the browser: -



public String LibraryJson()



{



Response.AppendHeader("Access-Control-Allow-Origin", "*");







HttpWebRequest request =

(HttpWebRequest)WebRequest.Create("http://not.publicly.available/Availability/LibraryJson");



try



{



WebResponse response = request.GetResponse();



using (Stream responseStream =

response.GetResponseStream())



{



StreamReader reader = new

StreamReader(responseStream, Encoding.UTF8);



return reader.ReadToEnd();



}



}



catch (WebException ex)



{



WebResponse errorResponse = ex.Response;



using (Stream responseStream =

errorResponse.GetResponseStream())



{



StreamReader reader = new

StreamReader(responseStream, Encoding.GetEncoding("utf-8"));



String errorText = reader.ReadToEnd();



// log errorText



}



throw;



}



}



The Web.Config



<httpProtocol>



<customHeaders>



<add name="Access-Control-Allow-Origin" value="*" />



<add name="Access-Control-Allow-Headers" value="Content-Type" />



<add name="Access-Control-Allow-Methods" value="GET, POST, PUT,

DELETE, OPTIONS" />



</customHeaders>



</httpProtocol>
Click to expand...

You could be missing the cross domain policy XML file. Check this link (itsphp related, but mentions the XML file) https://www.bionicspirit.com/blog/2011/03/24/cross-domain-requests.html

You could also move from json to jsonp, which is designed to avoid those cross domain policies (but it is more complicated to use)

PS: With visual studio integrated server (the one going at port 2753) i do remember it could be problematic (didn't recognice) the XML file. So there is no perfect solution IMHO
https://www.bionicspirit.com/blog/2011/03/24/cross-domain-requests.html
 
R

Richard Maher

You could be missing the cross domain policy XML file. Check this link
Click to expand...

(its php related,

but mentions the XML file)0

https://www.bionicspirit.com/blog/2011/03/24/cross-domain-requests.html
You could also move from json to jsonp, which is designed to avoid
Click to expand...

those cross domain policies (but it is more complicated to use)
PS: With visual studio integrated server (the one going at port 2753)
Click to expand...

i do remember it could be problematic (didn't recognice) the XML file.

So there is no perfect solution IMHO
https://www.bionicspirit.com/blog/2011/03/24/cross-domain-requests.html
Click to expand...

Thanks for the reply. (I wasn't aware of the IE crap so it was a good
heads up).

Anyway I published the app and still no xdomain joy :-( I just can get
what looks to be easy to work. I guess I'll just have to check the
headers on the wire but if someone can point out what I'm doing wrong
that'd be great!

Cheers Richard Maher
 
R

Richard Maher

On 8/24/2013 6:45 AM, Michael Haufe (TNO) wrote:
8<
Here is a resource that may help:

<https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS>

Check your headers
Click to expand...

Hi Michael,

(Sorry for the delay in responding. Thanks for the useful reference BTW)

The headers, at least to me, look peachy. See below.

What am I doing wrong? It looks like the instructions from my web.config
AND individual method BOTH effected the headers. Sounds good right?

Cheers Richard Maher


HEADERS>>>


Request URL:

http://1.2.3.4/JSON/LoadCustomerAndDisplay/LibraryJson

2. Request Method:

GET

3. Status Code:

200 OK

4. Request Headersview source

1. Accept:

*/*

2. Accept-Encoding:

gzip,deflate,sdch

3. Accept-Language:

en-US,en;q=0.8

4. Connection:

keep-alive

5. DNT:

1

6. Host:

1.2.3.4

7. Referer:

http://1.2.3.4/Labstats.html

8. User-Agent:

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/29.0.1547.57 Safari/537.36

5. Response Headersview source

1. Access-Control-Allow-Headers:

Content-Type

2. Access-Control-Allow-Methods:

GET, POST, PUT, DELETE, OPTIONS

3. Access-Control-Allow-Origin:

*

4. Access-Control-Allow-Origin:

*

5. Cache-Control:

private

6. Content-Encoding:

gzip

7. Content-Length:

655

8. Content-Type:

text/html; charset=utf-8

9. Date:

Fri, 30 Aug 2013 08:36:21 GMT

10. Server:

Microsoft-IIS/7.5

11. Vary:

Accept-Encoding

12. X-AspNet-Version:

4.0.30319

13. X-AspNetMvc-Version:

2.0

14. X-Powered-By:

ASP.NET
 
Top