简体繁体中英

IIS is executing request even if CORS is disabled

原文 2017-07-28 12:35:16 6 1 javascript/ jquery/ asp.net/ ajax/ asp.net-mvc

I have two MVC ASP.NET applications. I'm trying to make ajax POST request from one app to another. By default CORS should have been disabled, and I'm getting alert in console:

XMLHttpRequest cannot load http://localhost:2211/Home/Form . No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin ' http://localhost:2282 ' is therefore not allowed access.

So everything should be right. But...

I realized that this request executed that specific action on http://localhost:2211 . How is that possible? Why that request was executed even though CORS had been disabled?

1 answers

The request to http://localhost:2211/Home/Form was made, however the response from that request did not contain an Access-Control-Allow-Origin header which results in the browser declining to process the response for you.

Until the server responds to the request that's been made to it, providing the header, the browser won't know if the request was/is permitted or not, ie the onus is on the browser to react to the Access-Control-Allow-Origin header, rather than the server.

You may even see different behaviours here depending on the browser you're using as, for example:

Internet Explorer does not consider the port when comparing origins.

docs.microsoft.com > What is "same origin"

Executing javascript from a CORS request

How to authorize CORS preflight request on IIS with Windows Authentication

Why is my no-cors fetch() not ok even if the request succeed?

JQuery getJSON CORS error even though not making Cross Origin Request?

AJAX request failing even though CORS headers are present

Fetch request failing for DELETE method even though CORS headers are present

No Access-Control-Allow-Origin header is present on the requested resource. set the request's mode to no-cors to fetch the resource with CORS disabled

Ajax calls to a CORS disabled service

Why is CORS request failing even after setting “esponse.addHeader(”Access-Control-Allow-Origin“, ”*“);” in servlet?

Firefox Does not allow CORS request even when the server returns the appropriate response header

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Executing javascript from a CORS request How to authorize CORS preflight request on IIS with Windows Authentication Why is my no-cors fetch() not ok even if the request succeed? JQuery getJSON CORS error even though not making Cross Origin Request? AJAX request failing even though CORS headers are present Fetch request failing for DELETE method even though CORS headers are present No Access-Control-Allow-Origin header is present on the requested resource. set the request's mode to no-cors to fetch the resource with CORS disabled Ajax calls to a CORS disabled service Why is CORS request failing even after setting “esponse.addHeader(”Access-Control-Allow-Origin“, ”*“);” in servlet? Firefox Does not allow CORS request even when the server returns the appropriate response header

Related Tags

IIS is executing request even if CORS is disabled

Question

1 answers

solution1 1 ACCPTED 2017-07-28 12:46:00

solution1
1 ACCPTED 2017-07-28 12:46:00