2

Response to preflight request doesn't pass access control check.

XMLHttpRequest cannot load http://localhost:49531/Access/Authenticate. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:31775' is therefore not allowed access.

I am flushing request coming with OPTIONS. Request returns with code 200, however I am still getting this error.

protected void Application_BeginRequest()
        {
            if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
            {
                Response.Flush();
                Response.End();
            }
        }

What I am trying to do is to adding a token to header from client side and server side. Once client has been authenticated, token is added to request from server. From next request initiated from client, this token is sent by javascript.

Shantanu Gupta
  • 19,317
  • 51
  • 167
  • 268
  • Try to enable CORS in your server ``http://localhost:49531`` – Indrajith Nov 27 '15 at 11:43
  • You need to add the header "Access-Control-Allow-Origin=" on the server side. – Shreyas Nov 27 '15 at 11:50
  • 1
    You need to respond the preflight request with a proper `Access-Control-Allow-Origin` and `Access-Control-Allow-Methods` headers. An additional `Access-Control-Allow-Headers` might also be required if the request contains `Access-Control-Request-Headers` header. – IronGeek Nov 27 '15 at 11:51
  • Would this have any security concerns? – Shantanu Gupta Nov 27 '15 at 14:05
  • Yes, there are security concerns. http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api – GraehamF Dec 13 '15 at 06:05
  • Possible duplicate of [Response to preflight request doesn't pass access control check AngularJs](http://stackoverflow.com/questions/35588699/response-to-preflight-request-doesnt-pass-access-control-check-angularjs) – LisaMM Jul 11 '16 at 14:36

0 Answers0