jeudi 27 août 2015

Laravel angularJS CORS using barryvdh/laravel-cors not working on IIS

I have problem with cross domain request to an API hosted on IIS.

I am using an angularjs application to fetch data from the API, which is developed with laravel 5 using tymondesigns/jwt-auth and barryvdh/laravel-cors package for JWT and CORS.

When the API is hosted on apache angularjs app fetches data.But when hosted on IIS it gives following error:

XMLHttpRequest cannot load http://ift.tt/VSgnjS. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

The preflight request response header:

Request URL:http://ift.tt/VSgnjS
Request Method:OPTIONS
Status Code:200 OK
Allow:OPTIONS, TRACE, GET, HEAD, POST
Content-Length:0
Public:OPTIONS, TRACE, GET, HEAD, POST
Server:Microsoft-IIS/8.5
X-Powered-By:ASP.NET

My first question is why "Access-Control-Allow-Origin" is not set, when hosted on IIS. Is there any special setting to enable CORS on IIS.

So then I added following lines to web.config file:

<httpProtocol>
    <customHeaders>
        <remove name="Access-Control-Allow-Origin" />   
        <add name="Access-Control-Allow-Origin" value="*" />
        <remove name="Access-Control-Allow-Headers" />
       <add name="Access-Control-Allow-Headers" value="Origin, Content-Type, Authorization, Accept, X-Request-With" />
   </customHeaders>
</httpProtocol>

Now it give following error:

XMLHttpRequest cannot load http://ift.tt/VSgnjS. The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost, *', but only one is allowed. Origin 'http://localhost' is therefore not allowed access.

The preflight request response header:

Request Method:OPTIONS
Status Code:200 OK
Access-Control-Allow-Headers:Origin, Content-Type, Authorization, Accept, X-Request-With
Access-Control-Allow-Origin:*
Allow:OPTIONS, TRACE, GET, HEAD, POST
Public:OPTIONS, TRACE, GET, HEAD, POST
Server:Microsoft-IIS/8.5
X-Powered-By:ASP.NET

The actual request response header:

Request Method:POST
Status Code:200 OK
Access-Control-Allow-Headers:Origin, Content-Type, Authorization, Accept, X-Request-With
Access-Control-Allow-Origin:http://localhost
Access-Control-Allow-Origin:*
Content-Type:application/json
Server:Microsoft-IIS/8.5
Set-Cookie:XSRF-TOKEN=eyJpdiI6IkpwNnU2mTnc9PSIsInam9jTFpxb0ptak1IMmFsQ3ZZhbMTM5ZTMzMjgyZWIyNCJ9; expires=Thu, 27-Aug-2015 12:52:55 GMT; Max-Age=7200; path=/; httponly
Vary:Origin
X-Powered-By:ASP.NET
X-Powered-By:PHP/5.6.0

So Why "Access-Control-Allow-Origin" is repeating" on actual request response header.

Do you think it might work if it is not repeated. If so, is it a secure to add "Access-Control-Allow-Origin" to web.config file.



from Newest questions tagged laravel-5 - Stack Overflow http://ift.tt/1K804ri
via IFTTT
Publié par à
Libellés : ,

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)