Closed selganor74 closed 9 years ago
And you've disabled webdav? http://brockallen.com/2012/10/18/cors-iis-and-webdav/
Removed WebDAV module and handler but no luck. When CORS is enabled I get a straight 200, no tracing no clue on where the code is passing through... Any clues ?
I've managed to obtain a Token in CORS by configuring CORS as explained before (this will allow for OPTIONS Method) and then adding custom headers in the httpProtocol section of system.webserver in web.config. Dirty but working solution ...
<modules>
</modules>
<handlers>
</handlers>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Methods" value="*" />
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Authorization, Content-Type" />
</customHeaders>
</httpProtocol>
Maybe ma I missing some CorsEnabling on Token Controllers?
Did you check the CorsSamples for Thinktecture.IdentityModel.45? You'd have to mimic them in IdentityServer's code:
https://github.com/thinktecture/Thinktecture.IdentityModel.45/tree/master/Samples/CorsSamples
Ok, I managed to setup according to the samples provided
thank you!
I'm trying to use Identity Server v2 OAuth2 Resource Owner Flow from from AngularJS app in CORS scenario. The system responds 405 as the OPTIONS method is not allowed in any way in the config, so I tried to add CORS config in Application_Start method as follows
having set up CORS in this way:
namespace Thinktecture.IdentityServer.Web.GL { public class CorsConfig { public static void RegisterCors(HttpConfiguration httpConfig) { WebApiCorsConfiguration corsConfig = new WebApiCorsConfiguration();
}
Now the response is a straight 200 without any CORS header so the browser throws an "XMLHttpRequest cannot load ..." because of no CORS headers are returned after the pre-flight OPTIONS request.
I can regularly obtain a token issuing the request via fiddler. Is there anything I can do ?