In case you guys haven’t seen it, 3 Microsoft guys did a Reddit session where they answered questions from anyone. The questions and responses are very interesting – they talk about technologies I’ve never heard about… If you want to check it out, here it is:
I successfully implemented CORS in Firefox and Chrome, but could not get it to work in IE. No surprise right? My issues were:
- No transport error message: When JQuery builds a ajax response object, it uses a factory to get the transport object. So in some cases IE will use an ActiveX object to make the ajax call. But if the proper transport to use can not be determined you’ll get the “No Transport” error message. So the workaround is to tell jquery to use CORS:
$.support.cors = true;
- Access Is Denied: This was driving me crazy! I wrote a spike that worked fine in IE, but the exact same code would fail to run on my web site. There were 2 reasons:
- Using “localhost” in the ajax url setting – IE really doesn’t like this, so it just chucks an error. I think there is a setting somewhere to enable this to work, but I just replaced “localhost” with my IP address to work around the problem.
- Document Mode : I was forcing my web page to use the IE8 standards document mode. That combination of IE10 browser mode and IE8 standards just made IE ralph all over the place. Removing the “meta” tag from the page header so it would default to plain ol “Standards” fixed it right up.
- IE8 and IE9: Once I had everything working in IE10, I moved on to the other two versions. They laughed at my attempts. So I downloaded a JS jquery addon from MoonScript:
With this script included on the page, I made the ajax calls the same way but the big difference is it worked…
So I have 2 web services – one is a web-api service and the other is some Frankenstein. When a CORS request comes over to the server it comes with the “OPTIONS” HTTP method, so I’m guessing there is an “options” attribute you can add to customize the request for a specific method… Not sure why you would do that though.
Here are the notes I’ve collected from the process of adding support to both services:
Web API steps
My big hangup is doing this in visual studio 2012 – it doesn’t appear to be made to work out of the box in vs2012…
– Include System.Web.Cors.dll and System.Web.Http.Cors.dll – had to download the nuget package Microsoft.AspNet.WebApi.Cors.
– Enable CORS in the WebApiConfig.Register – you can then use the [EnableCors] attribute. However the example in the codeplex example appears to be bad — You can’t instantiate a EnableCorsAttribute object without parameters…
– To load settings from your config, you have to implement an ICorsPolicyProvider class
– Examples in the second link show how to implement it as a custom attribute
– Had to add a dependent section to the web.config:
<dependentAssembly> <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="18.104.22.168-22.214.171.124" newVersion="126.96.36.199" /> </dependentAssembly>
– Had to follow the nuget update steps in: http://stackoverflow.com/questions/18347290/webapi-odata-5-0-beta-accessing-globalconfiguration-throws-security-error
– Added one more dependent section to the web.config
<dependentAssembly> <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="188.8.131.52-184.108.40.206" newVersion="220.127.116.11" /> </dependentAssembly>