CORS support for PUT and DELETE with ASP.NET Web API

Solution 1:

It looks like adding another custom header sorted it out:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add name="Access-Control-Allow-Headers" value="Content-Type" />
      <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

Solution 2:

Also, in addition to Nathan's answer, make sure you have disabled the WebDAV IIS module and set the runAllManagedModulesForAllRequests="true" setting in the web.config:

<system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
    <remove name="WebDAVModule"/>
  </modules>
  <handlers>
    <remove name="WebDAV" />
  </handlers>
</system.webServer>

Without this, preflight CORS requests (which are used for the PUT and DELETE methods and send an additional OPTIONS request) will not work.

Solution 3:

A very simple solution to overcome the CORS issue in Web API 2.2.

Add the following in your WebApiConfig file.

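// Inside WebApiConfig.Register(HttpConfiguration config); needs: using System.Web.Http.Cors;
// Constructor arguments are, in order: origins, headers, methods.
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(cors);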

Before adding this, make sure you remove the custom headers in the Web.config file.

    <add name="Access-Control-Allow-Origin" value="*" />
    <add name="Access-Control-Allow-Credentials" value="true" />
    <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept, X-Token" />
    <add name="Access-Control-Allow-Methods" value="GET,PUT,POST,DELETE,OPTIONS" />

If you have both the custom headers and CORS enabled in WebApiConfig, you will face the CORS error.

Enabling CORS in WebApiConfig will solve the issue.
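
The preflight mentioned in Solution 2 and the duplicate-header conflict described in Solution 3, as an added example that is not part of any of the answers above: a simplified JavaScript model of the checks a browser applies to a preflight response. The function and variable names are hypothetical, the sample headers are constructed from values shown on this page, and the second Access-Control-Allow-Origin header is an assumption about what EnableCors adds on top of Web.config.

```javascript
// Added example: simplified model of the browser's CORS preflight check.
// Headers are [name, value] pairs so duplicate headers are preserved.
function headerValues(headers, name) {
  return headers.filter(([n]) => n.toLowerCase() === name).map(([, v]) => v.trim());
}
function tokens(vals) {
  return vals.join(",").split(",").map((t) => t.trim()).filter(Boolean);
}
function checkPreflight(request, response) {
  const problems = [];
  if (response.status < 200 || response.status > 299) problems.push("preflight status is not 2xx");
  const origins = headerValues(response.headers, "access-control-allow-origin");
  if (origins.length === 0) {
    problems.push("missing Access-Control-Allow-Origin");
  } else if (origins.length > 1 || origins[0].includes(",")) {
    problems.push("multiple Access-Control-Allow-Origin values");
  } else if (request.credentials && origins[0] === "*") {
    problems.push("wildcard origin with credentials");
  } else if (origins[0] !== "*" && origins[0] !== request.origin) {
    problems.push("origin mismatch");
  }
  const creds = headerValues(response.headers, "access-control-allow-credentials");
  if (request.credentials && !(creds.length === 1 && creds[0] === "true")) {
    problems.push("Access-Control-Allow-Credentials is not 'true'");
  }
  const star = !request.credentials; // "*" is a wildcard only without credentials
  const methods = tokens(headerValues(response.headers, "access-control-allow-methods"));
  const simple = ["GET", "HEAD", "POST"].includes(request.method);
  if (!simple && !methods.includes(request.method) && !(star && methods.includes("*"))) {
    problems.push("method not allowed: " + request.method);
  }
  const allowed = tokens(headerValues(response.headers, "access-control-allow-headers"))
    .map((h) => h.toLowerCase());
  for (const h of request.headers.map((x) => x.toLowerCase())) {
    if (!allowed.includes(h) && !(star && allowed.includes("*"))) {
      problems.push("header not allowed: " + h);
    }
  }
  return problems;
}
// Constructed samples: Solution 1's headers, then the same with a second (assumed) ACAO header.
const webConfig = [
  ["Access-Control-Allow-Origin", "*"],
  ["Access-Control-Allow-Headers", "Content-Type"],
  ["Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"],
];
const both = webConfig.concat([["Access-Control-Allow-Origin", "*"]]);
const put = { origin: "https://app.example", method: "PUT", headers: ["Content-Type"], credentials: false };
console.log(checkPreflight(put, { status: 200, headers: both }));
```

The same function also reports a wildcard origin combined with credentials, which is the combination in the Web.config headers listed in Solution 3.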