04-05-2013 11:07 AM
I've been working through the documentation in Argos-SDK for setting up CORS. We have multiple devs accessing a single dev location for SDATA so the approach makes sense for us.
I noticed there are still some requests returning 401s. They look like this:
The pages still load, however.
We went the IHttpModule route and there's a line in the sample on Github that looks funny:
04-05-2013 12:30 PM
I've narrowed it down to the fact that the OPTIONS method specifically is failing with 401 - Unauthorized.
I'm reasonably sure that line I mentioned earlier is the issue. I am not sure what to change it to.
04-09-2013 07:57 AM
A little more information.
Poked around the IIS logs and saw I'm getting 401.5 errors, and I just know its because the argument is wrong for the RewritePath method.
I went with the Helicon product (the Lite version) and it works - but I would rather avoid installing another app on the target production server.
The 401.5 errors are thrown on the sdata URLs themselves. I had to add a couple of extra headers anyway that the documentation doesnt specify just to get the other methods working, but none of them fixed OPTIONS.
My sdata portal is setup like this:
sdata and MyWebSiteWithPort both have Integrated Windows Auth turned off, with domain account WebDll as the user context for the app pool and anonymous user .
My requests look like this (where 1234 is the port number):
The URLs work correctly when browsed to directly.
I tried changing the RewritePath to look like this:
if (request.HttpMethod == Options) context.RewritePath("~/sdata");
And this in sdata's web.config:
<add verb="*" path="*" type="MyCompanyNamespace.SData.CrossOriginSupportOptionsHandler, CORSLibrary" />
So something's not right with authorization. Either I'm trying to write to the wrong path, or my IIS configuration is jacked.
04-15-2013 12:45 PM - edited 04-15-2013 12:49 PM
Here is my list of headers under system.webServer (in the sdata web.config)
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="GET,POST,PUT,DELETE,OPTIONS" />
<add name="Access-Control-Allow-Headers" value="Authorization,X-Requested-With,X-Authorization,X-Authorization-Mode,Content-Type,If-Match" />
<add name="Access-Control-Allow-Credentials" value="true" />
*EDIT* I also changed my CORS module by stripping it down a bit (dev server): https://gist.github.com/jbest84/5390790