1

I'm using IIS 7.5 with asp.net webapi to do a delete for a record id. I can get it to work in Safari, but not Firefox. Here's an image of the request/response for the jQuery Ajax submission:

http://screencast.com/t/Ckls9nO8D

Here's my code snippet for my jQuery Delete submission:

    var deleteGame = function(gameId)
    {       
        var d = $.Deferred();
        var url = Enum.RootUrl + Enum.DeleteGameUrl + gameId;
        jQuery.support.cors = true;
        $.ajax(
        {
            url: url,
            type: 'Delete',
            cache: false,
            crossDomain: true,
            processData: true,
            success: function () 
            {
                d.resolve();
            },
            error: function(XMLHttpRequest, textStatus, errorThrown)
            {
                //alert("error happened AGAIN:\n" + JSON.stringify(XMLHttpRequest) );
            }
        });

        return d.promise();
    };

here's the generated URL for jquery submission: http://local.guessalist.com/api/game/46

I'm not sure why it works in Safari but not Firefox. Please help.

It appears Access-Control-Request-Headers is missing from Request Headers. I'm not sure if this is the cause of the problem.

After playing around with this in Safari and Chrome, I'm getting "Refused to set unsafe header "Access-Control-Request-Headers" OPTIONS http://local.guessalist.com/api/game/64 405 (Method Not Allowed)" error in each browser via the browser's console, but the delete operation is allowed to continue. Not sure what I'm doing here. Any advice would be greatly appreciated.

Tom Schreck
  • 4,669
  • 11
  • 60
  • 118

1 Answers1

1

After several hours of researching, trouble shooting, cursing, and flipping off my code, I finally got it working with the help of this approach:

http://brockallen.com/2012/06/28/cors-support-in-webapi-mvc-and-iis-with-thinktecture-identitymodel/

I initially tried just the WebAPI approach, and it didn't work. I then removed everything I was trying and followed the IIS approach described in the link above, and everything works. I'm not sure why. I only added this line of code to Web.Config and nothing else:

    <modules runAllManagedModulesForAllRequests="true">
        <add name="CorsHttpModule" type="Thinktecture.IdentityModel.Http.Cors.IIS.CorsHttpModule"/>
    </modules>

That's the only configuration I did and I can do cross domain deletes. I'm assuming other verbs will work, I've only tested with Delete. So, I'm grateful that I can get my code to work, but am wondering why it's working given that I only did part of the configuration as cited in the link above. If anyone stumbles upon this and can explain, I would appreciate it. Thanks.

Tom Schreck
  • 4,669
  • 11
  • 60
  • 118
  • [This article](http://www.britishdeveloper.co.uk/2010/06/dont-use-modules-runallmanagedmodulesfo.html) advising NOT to use this technique. It offers a workaround as well. – Dmitry Gonchar Apr 09 '13 at 19:36