POST, PUT, DELETE, etc use pre-flighted CORS. The browser sends an OPTIONS request. This is because browser first, checks if serverside can handle CORS or not using OPTIONS
request, if succeeds, then sends actual request PUT
or POST
or Delete
. Since you do not have an action method that handles OPTIONS, you are getting a 405. In its most simplest form, you must implement an action method like this in your controller.
More explanation - http://www.w3.org/TR/cors/#resource-preflight-requests
http://www.html5rocks.com/en/tutorials/cors/
public HttpResponseMessage Options()
{
var response = new HttpResponseMessage();
response.StatusCode = HttpStatusCode.OK;
return response;
}
Note: This this action just responds to OPTION
request, so along with this you need to add necessary config to web.config
, such as Access-Control-Allow-Origin = *
and Access-Control-Allow-Methods = POST,PUT,DELETE
.
Web API 2
has CORS support, but with Web API 1, you have to follow this path.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…