Why am I getting a 405 response to a DELETE request even though I allow that method in my CORS config?
I have a Blazor WebAssembly and C# web API hosted on IIS and When trying to send a PUT or DELETE request to my API I get this cors error:
While i have this in My Program.cs:
This is the response headers I get back on IIS:
This is not right.
because on my localhost when sending PUT or DELETE I get this back, response localhost:
localhost works as expected but not IIS.
Why is that?
UPDATE:
there was nothing wrong with my setup as seen above. In my IIS I have to disable WebDav by adding this in my web.config:
<modules>
<remove name="WebDAVModule"/>
</modules>
And make sure you don't autogenerate your web.config.
Don't conflate
- the methods supported by your resource
- the methods allowed by your resource for CORS.
They're two different things, although the latter typically form a subset of the former. Sure, your CORS configuration allows the DELETE method:
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,PATCH,OPTIONS
But allowing a method in your CORS configuration doesn't automatically make the resource support that method! Note the absence of DELETE from the Allow header, which lists the set of methods supported by the resource:
Allow: GET, HEAD, OPTIONS, TRACE
The absence of DELETE from this list indicates that your resource currently doesn't support that method. The response status (405 Method Not Allowed) is another clue.
You need to fix that in your routes or whatever.
- How to solve "Could not establish trust relationship for the SSL/TLS secure channel with authority"
- HTTP Error 503. The service is unavailable. App pool stops on accessing website
- Clean my MachineKeys folder by removing multiple RSA files without touching IIS ones
- Difference between executionTimeout and Server.ScriptTimeout
- Set .NET CLR Version to No Managed Code
- HSTS and redirection IIS 10
- Troubleshooting HTTPS Issues with .NET Application on IIS Server
- How do I check if user 'IIS AppPool\MyAppPoolName' exists in powershell
- How to Disable HTTP/2 for Specific Sites in IIS Using PowerShell?
- IIS "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'" SQL connection error, but only for 1 user
- IIS String was not recognized as a valid DateTime
- Error during GENERAL_REQUEST_ENTITY for POST request causes ASP .NET session state to never get unlocked
- MVC 6 Hosted on IIS HTTP Error 500.19
- System.Data.SqlClient.SqlException: Login failed for user
- Invalid provider type specified one more time
- IIS Manager in Windows 10
- Hosting multiple .net core using the same application pool with AspNetCoreModuleV2
- Duplicate Content Security Policies for frame ancestors generated (Blazor, IIS and Chrome)
- Error: Microsoft.Data.SqlClient is not supported on this platform when publishing .NET 8.0 C# Web API to IIS
- Blazor App on IIS does not work on recent IOS
- Is it possible to make part of a site on IIS only viewable from localhost?
- ERROR: "The project doesn't know how to run the profile IIS Express" (VS 2019, 16.11.7)
- HTTP Error 500.31 - Failed to load ASP.NET Core runtime
- Using application pool identity results in exceptions and event logs
- Serilog Not Working After New Azure Release: The type initializer for 'Microsoft.Data.SqlClient.InOutOfProcHelper' threw an exception
- How to configure Web Deploy on Windows 10 pro
- On IIS, are .NET AppDomain instance specific to an application?
- 404 - File or directory not found. getting in windows server
- "There was an error while performing this operation"
- IIS Websites requested through HTTPS keeps showing a prompt for sign in instead of loading the site