All geek questions in one place

WebAPI - Does the Routing Attribute Abort DELETE Using WebAPI Cors?

Following route:

routes.MapHttpRoute( name: "Set", routeTemplate: "api/set/{id}", defaults: new { controller = "Set", id = RouteParameter.Optional } );

displayed as follows:

  [HttpDelete] [AcceptVerbs("DELETE")] public HttpResponseMessage DeleteSet(int id) { //stuff }

I can delete sets with this call:

  DELETE api/set/1

enter image description here

BUT if I remove the above route in favor of attribute routing:

  [HttpDelete("api/set/{id}")] [AcceptVerbs("DELETE")] public HttpResponseMessage DeleteSet(int id) { //stuff }

And add to my configuration:

 public static class WebApiConfig { public static void Register(HttpConfiguration config) { var cors = new EnableCorsAttribute("http://localhost:11089", "*", "*"); config.MapHttpAttributeRoutes(); // new, working with stuff other than delete config.EnableCors(cors); // already working, not new } }

The same request is aborted due to a CORS problem:

enter image description here

In the images you see the query parameter, but this is true for simple DELETE queries with identifier. What the hell is going on? We spent a lot of time matching the attributes, and it would prevail that everything be discarded because DELETE does not work.

Here's another DELETE instance, broken with a simple id:

enter image description here

The above was obtained from this request:

 var options = { url: apiEndpoint + 'card/' + id, type: 'DELETE', dataType: 'json', xhrFields: { withCredentials: true } }; return $.ajax(options)

UPDATE If we go over all of our removal methods with " [AcceptVerbs("OPTIONS")] , then it will work. It seems inelegant, and I would like to leave it open if someone has an authoritative answer.

+4
source share
1 answer

You seem to be facing the well-known problem of using CORS with attribute routing. The next question is currently tracking this.

http://aspnetwebstack.codeplex.com/workitem/954

This is due to the limitations on httpmethod that attribute routing creates when creating routes.

Workarounds (there are several options):

  • Explicitly decorate the action with the HttpOptions layout attribute so that this restriction is also added and your OPTIONS request can pass.

  • Create your own route builder that adds options for all routes (you can change this behavior if you want). Code example:

     config.MapHttpAttributeRoutes(new CustomRouteBuilder()); public class CustomRouteBuilder : HttpRouteBuilder { public override IHttpRoute BuildHttpRoute(HttpRouteValueDictionary defaults, HttpRouteValueDictionary constraints, string routeTemplate) { HttpMethodConstraint currentMethodConstraint = (HttpMethodConstraint)constraints["httpMethod"]; List<HttpMethod> methods = currentMethodConstraint.AllowedMethods.ToList(); if (!methods.Contains(HttpMethod.Options)) { methods.Add(HttpMethod.Options); } HttpMethodConstraint newMethodConstraint = new HttpMethodConstraint(methods.ToArray()); HttpRouteValueDictionary newConstraints = new HttpRouteValueDictionary(); newConstraints["httpMethod"] = newMethodConstraint; return base.BuildHttpRoute(defaults, newConstraints, routeTemplate); } }
+4
source

Source: https://habr.com/ru/post/1492837/

More articles:


All Articles