WCF DataService (OData) and CORS

StackOverflow https://stackoverflow.com/questions/19808069

Question

I am trying to get a WCF DataService working with cross domain requests. I found this on how to get a WCF service to work with CORS: http://blogs.microsoft.co.il/blogs/idof/archive/2011/07/02/cross-origin-resource-sharing-cors-and-wcf.aspx

I downloaded the sample, but can't get it to work with a DataService. It works with the sample service, but not with my DataService.

This is my very simple WCF DataService:

public class TestService : DataService<DataContext>
{
    public static void InitializeService(DataServiceConfiguration config)
    {
        config.UseVerboseErrors = true;
        config.SetEntitySetAccessRule("Items", EntitySetRights.All);
        config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V3;
    }
}

The TestService.svc file:

<%@ ServiceHost Language="C#" Factory="WebHttpCors.CorsWebServiceHostFactory, WebHttpCors" Service="MvcApplication1.TestService" %>

The DataContext is also very simple:

public class DataContext : DbContext
{
    public DbSet<Item> Items { get; set; }
}

But still, the preflight options request returns with a 501. Is there something I am missing to get CORS to work with a Dataservice?

Was it helpful?

Solution

If you're using IIS, verify that the ExtensionLess handler is configured to handle the OPTIONS requests.

A few notes unrelated to your direct issue: since CORS is not properly supported, neither the package you found nor any other solutions will be truly satisfactory (you won't be able to easily specify your policies). It's possible to create a professionally-maintained package to do this using WCF inspectors, but I haven't seen any. Instead, I'd like to invite you to vote this up should you agree.

In the meantime, I can only recommend that you integrate any code you find on the web very carefully (as most of it is barely tested). This article may assist you with that. This is not directly related to Data Services, but it's the same WCF tech. Maybe look at the Web API implementation or other projects for inspiration.

Good luck.

PS: In 90% of the situations, you'll also want to forget about solutions involving proxying. In most architectures, it's just horrible and makes very little sense unless your edge backend is designed in a way that somehow would make it seem less kludgy.

Update: Also verify that the implementation you're using actually handles the OPTIONS requests properly. If it passes them through, WCF Data Services will return a 501, and the interceptor might just pass it back through as well even though the headers were set correctly. Since preflight requests don't need a body, a quick and dirty hack would be to pickup these 501s and change them into 200s, but obviously you really want to stop the request from hitting the data service in the first place.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top