-
Notifications
You must be signed in to change notification settings - Fork 46
Access-Control-Allow-Headers shows as two separate headers which makes IE not process a cors response. #22
Comments
@esyorcho can you please post your policy again? Are you sure you are not adding the |
https://github.com/aspnet/CORS/blob/dev/src/Microsoft.AspNet.Cors.Core/CorsService.cs#L147-L154 |
ah I see .. yeah makes sense... |
Hi @harshgMSFT and @Tratcher , app.UseCors(policy => policy.WithOrigins("http://domain1.com", "http://localhost:2025").AllowAnyMethod().AllowAnyHeader().AllowCredentials()); Then we add the authorization header this way: var authHeader = "";//"basic ";
But there's still a "content-type" header added as a different line besides Authorization. We have in the controller of the rest api: [Produces("application/json")] But I've also tried removing it and still adds the extra header: Access-Control-Allow-Headers: content-type that is not read by IE and blocks our calls. Do you know what could be adding this extra content-type header? Thank you |
Thank you very much guys |
@kichalla I'm donating this bug to @harshgMSFT |
Moving the bug from dotnet/aspnetcore#640
@esyorcho
I've been trying to "tie" both headers together (authentication and content-type), so that they show up in one line like:
Access-Control-Allow-Headers: content-type, authorization
But no matter what I did, they were being separated in 2 lines. I removed the authorization header from my first call (the login) since I didn't need it anyways, and then it went through (because it only had the content-type header). Somehow post calls within the application that need the authorization header still have the same problem (content-type missing, because it's in the second line and IE can't read it). Could you please tell me if there's a way that you know to make both headers show up in one line? At the moment we're adding the Authorization header this way in js:
and we do our post calls with restangular this way:
RestangularFactory.all("search/getFields").post(criteria, "");
In our server api we have all post and get calls with:
If there is any other information that you need please let me know
Thank you very much
The text was updated successfully, but these errors were encountered: