Hi,
I have a Web.API hosted in my local IIS as http://smt_api/ in the WebApiConfig.cs I have put config.EnableCors(new CorsPolicyAttribute()); in the Register methond and added this class:
using System;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Cors;
using System.Web.Http.Cors;
namespace SMT_API.Core.PolicyProviders
{
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false)]
public class CorsPolicyAttribute : Attribute, ICorsPolicyProvider
{
private CorsPolicy _policy;
public CorsPolicyAttribute()
{
// Create a CORS policy.
_policy = new CorsPolicy
{
AllowAnyMethod = true,
AllowAnyHeader = true,
AllowAnyOrigin = false
};
// Add allowed origins.
//_policy.Origins.Add("http://myclient.azurewebsites.net");
//_policy.Origins.Add("http://www.contoso.com");
}
public Task<CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request)
{
return Task.FromResult(_policy);
}
public Task<CorsPolicy> GetCorsPolicyAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var retval = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true,
AllowAnyOrigin = false
};
return Task.FromResult(retval);
}
}
}I then call API from another site also hosted in local IIS http://smt_api_fe/ I would have expected the simple GET method (returns hard coded string) which I call not to return anything to the calling site as it is not permitted but instead I get the string back as usual.
Have I misunderstood something here?
Thanks,
Dave.