We need to disable CORS in WebAPI project and I have commented out below line in Startup.cs
class and public void Configuration(IAppBuilder app)
method.
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
By going through thread, following request is sent
curl -H "Origin: http://www.google.com" --verbose \ http://localhost:23422/api/values
Response
HTTP/1/1 200 OK
Content-Type: application/json; charset=utf-8
Server: XXXX
X-SourceFiles: XXX
X-Powered-By: ASP.NET
[
"value1",
"value2"
]
It does work and gives back the actual result. Does it mean that the CORS is still supported? I assumed it to not to return any values since I am requesting it from google.com.
However, when I try the below request. It returns back 405 Method Not Allowed
curl -H "Access-Control-Request-Method: GET" -H "Origin: http://google.com" --head \ http://localhost:44312/api/values
Response
HTTP/1/1 405 Method Not Allowed
Allow: GET,POST
Content-Type: application/json; charset=utf-8
Server: XXXX
X-SourceFiles: XXX
X-Powered-By: ASP.NET
{
"message": "The requested resource does not support http method "OPTIONS"."
}