I was try to post some data with fetch to an API server. The server was an ASP.NET Web API, .NET Framework v4.5. Published on IIS and only enable Windows Authentication.
However, the post's preflight's request header was not contain cookie. So I got a '401 Unauthorized' error.
My fetch request code, and request header from chrome.
fetch(url,
{
method: 'POST',
mode: 'cors',
headers: {
'Accept': 'application/json, text/plain, */*',
'Content-Type': 'application/json'
},
body: JSON.stringify(loaItem),
credentials: 'include'
})
OPTIONS /api/loasdup HTTP/1.1
Host: localhost:4501
Connection: keep-alive
Access-Control-Request-Method: POST
Origin: http://localhost:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/67.0.3396.99 Safari/537.36
Access-Control-Request-Headers: content-type
Accept: */*
Referer: http://localhost:8081/loa/copy/LOA201807120000
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en-US;q=0.8,en;q=0.7
Any ideas?
Response Headers in IIS:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Origin: http://localhost:8081