CORS: Multiple Domains

Hi,

Is it correct that this code…

    public override void Configure(IAppHost appHost)
    {
        var allowedOrigins = _appSettings.GetList("AllowedOrigins") ?? new[] {"*"};   //<add key="AllowedOrigins" value="http://localhost,http://locahost:3000"/>
        appHost.Plugins.Add(new PostmanFeature());
        appHost.Plugins.Add(new CorsFeature(
            allowOriginWhitelist: allowedOrigins,
            allowedMethods: "GET, POST, PUT, DELETE, OPTIONS",
            allowCredentials: true,
            allowedHeaders: "Authorization, Content-Type"));  //Access-Control-Allow-Headers, X-Requested-With, Accept, 
    }

should produce these headers (on version 4.0.54)?

    Access-Control-Allow-Credentials:true
    Access-Control-Allow-Headers:Authorization, Content-Type
    Access-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONS
    Content-Type:application/json
    Date:Fri, 01 Apr 2016 13:23:44 GMT
    Server:Microsoft-HTTPAPI/2.0
    Transfer-Encoding:chunked
    Vary:Accept
    X-Powered-By:ServiceStack/4.054 Win32NT/.NET

I’m getting an exception in my AngularJS app on Chrome:

    XMLHttpRequest cannot load http://localhost:8088/auth/currentSession. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

Any help appreciated…?

p.s. not sure if I’m better off asking these questions on StackOverflow or not?

The Allow-Origin Header isn’t static, it needs to match the Origin HTTP Request Header in order to emit it in the response.

Either is fine, tho you may get a faster response on StackOverflow when I’m AFK.

Hmmmm, but my request has the following headers - you can see the Origin matches one of the whitelist values:

    Accept:application/json, text/plain, */*
    Accept-Encoding:gzip, deflate, sdch
    Accept-Language:en-US,en;q=0.8
    Cache-Control:no-cache
    Connection:keep-alive
    Cookie:layoutStyle=verticalNavigation; __ngDebug=true; ss-id=DutWQyC4dVxBmwVcmw9m; ss-pid=LMFgVPozoNtvSWcCKusc; X-UAId=1; selectedTheme=default
    Host:localhost:8088
    Origin:http://localhost:3000
    Pragma:no-cache
    Referer:http://localhost:3000/auth/login
    User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36

Here’s the whitelist:

    <add key="AllowedOrigins" value="http://localhost,http://locahost:3000"/>

Doh! - I’ve spotted it!!! Typo!! (whitelist contains locahost:3000 not localhost:3000)

You’ve no idea how long I’ve been going round in circles with this!

Thanks for the help mythz

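The matching rule from the reply above, as an added example that is not part of the thread or of ServiceStack: a hypothetical `CorsOriginCheck` helper that compares a request Origin against the `AllowedOrigins` setting and reports near-miss entries such as the typo found here. Exact, case-sensitive string comparison is an assumption about how the whitelist is matched.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: hypothetical helper, not part of ServiceStack.
public static class CorsOriginCheck
{
    // Edit distance, used only to surface near-miss whitelist entries.
    static int Distance(string a, string b)
    {
        var d = new int[a.Length + 1, b.Length + 1];
        for (var i = 0; i <= a.Length; i++) d[i, 0] = i;
        for (var j = 0; j <= b.Length; j++) d[0, j] = j;
        for (var i = 1; i <= a.Length; i++)
            for (var j = 1; j <= b.Length; j++)
                d[i, j] = Math.Min(Math.Min(d[i - 1, j], d[i, j - 1]) + 1,
                                   d[i - 1, j - 1] + (a[i - 1] == b[j - 1] ? 0 : 1));
        return d[a.Length, b.Length];
    }

    // Explains why a request Origin would get no Access-Control-Allow-Origin.
    public static List<string> Diagnose(string origin, string setting, bool allowCredentials)
    {
        var notes = new List<string>();
        var entries = setting.Split(',').Select(s => s.Trim()).Where(s => s.Length > 0).ToList();
        foreach (var e in entries)
        {
            if (e == "*")
            {
                // Browsers reject "Access-Control-Allow-Origin: *" on credentialed requests.
                if (allowCredentials) notes.Add("'*' cannot be combined with credentials");
            }
            else if (!Uri.TryCreate(e, UriKind.Absolute, out var u)
                     || e != u.GetLeftPart(UriPartial.Authority))
                notes.Add($"'{e}' is not in scheme://host[:port] form");
        }
        if (entries.Contains(origin)) { notes.Add($"match: emit Allow-Origin {origin}"); return notes; }
        notes.Add($"no exact match for '{origin}': header not emitted");
        foreach (var e in entries.Where(e => e != "*" && Distance(e, origin) <= 2))
            notes.Add($"near miss, possible typo: '{e}'");
        return notes;
    }

    public static void Main()
    {
        // Values taken from the thread above.
        const string setting = "http://localhost,http://locahost:3000";
        foreach (var n in Diagnose("http://localhost:3000", setting, allowCredentials: true))
            Console.WriteLine(n);
    }
}
```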