带标题的帖子请求错误

Question

I am sending ajax request with headers in it. and getting error like so Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin. I enabled header in my mvc app like so but same error is coming.and idea to fix that....

<customHeaders>
        <remove name="Server" />
        <remove name="X-Powered-By" />
        <remove name="X-AspNet-Version" />
        <remove name="Access-Control-Allow-Headers"/>
        <add    name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept,Token" />
        <add    name="Access-Control-Expose-Headers" value="ETag, Link, X-RateLimit-Limit, X-RateLimit-Remaining, X-Exceptionless-Client" />
        <remove name="Access-Control-Allow-Origin"/>
      </customHeaders>

Answer 1

The problem is that you have a different URL between Origin and Destiny.

Change the Web.config of the Destiny to have the following lines:

<?xml version="1.0" encoding="utf-8"?>
    <configuration>
     <system.webServer>
       <httpProtocol>
          <customHeaders>
            <add name="Access-Control-Allow-Origin" value="*" />
            <add name="Access-Control-Allow-Headers" value="Content-Type" />
            <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
          </customHeaders>
        </httpProtocol>
     </system.webServer>
    </configuration>

Just be careful because anyone will be able to access your resource (*). If you want, you can write the URL origin.

Another option to solve this problem would be enable CORS: https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/enabling-cross-origin-requests-in-web-api